Home » Infrastructure » Other Operating Systems » Oracle with RACF
Oracle with RACF [message #113781] |
Mon, 26 November 2001 02:00 |
Robin Upcott
Messages: 10 Registered: July 2000
|
Junior Member |
|
|
I am trying to use RACF to control access from USS, Batch, and CICS. SYSDBA and SYSOPER works well using the FACILITY CLASS. I am trying to define the AM4CICS thread table to use AUTH=USERID and pass the CICS defined Userid to ORACLE (This userid is defined in ORACLE as AUTH EXTERNAL my instance has LOGON_AUTH(SAF))
I get ORACLE error 01004 - is that "default username
feature not supported"?
Can I define the control thread without AM4COID and AM4CAUTH ?
Ideally I would like never to have to code a password outside of RACF is this possible ?
Anyone else done this at V8172 ?
Thanks Robin
|
|
|
Re: Oracle with RACF [message #113784 is a reply to message #113781] |
Wed, 28 November 2001 04:55 |
paul mansfield
Messages: 35 Registered: January 2001
|
Member |
|
|
: I am trying to use RACF to control access from USS, Batch, and CICS. SYSDBA and SYSOPER works well using the FACILITY CLASS. I am trying to define the AM4CICS thread table to use AUTH=USERID and pass the CICS defined Userid to ORACLE (This userid is defined in ORACLE as AUTH EXTERNAL my instance has LOGON_AUTH(SAF))
: I get ORACLE error 01004 - is that "default username
: feature not supported"?
: Can I define the control thread without AM4COID and AM4CAUTH ?
: Ideally I would like never to have to code a password outside of RACF is this possible ?
: Anyone else done this at V8172 ?
: Thanks Robin
Robin,
we do something similar and it all works o.k.
Sample thread table...
ORACICS TYPE=START,ACCT=USERID,SSN=ORAV,MAXTHRD=99,MAXCRSR=20
ORACICS TYPE=THREAD,COPIES=97,PROTECT=55,ACCT=TRANSID, 1
TRANSAC=*,AUTH=(USERID)
ORACICS TYPE=ENV, 1
ENAME=(NLS_LANG=AMERICAN_AMERICA.WE8EBCDIC37C, 1
NLS_DATE_FORMAT=DD-MON-YYYY)
ORACICS TYPE=END
END
We do use LOGON_AUTH=(RACFSAMP)
There were problems with links to UNIX Databases but a patch was provided which fixed this.
|
|
|
Re: Oracle with RACF [message #113790 is a reply to message #113784] |
Thu, 13 December 2001 06:19 |
Robin Upcott
Messages: 10 Registered: July 2000
|
Junior Member |
|
|
: : I am trying to use RACF to control access from USS, Batch, and CICS. SYSDBA and SYSOPER works well using the FACILITY CLASS. I am trying to define the AM4CICS thread table to use AUTH=USERID and pass the CICS defined Userid to ORACLE (This userid is defined in ORACLE as AUTH EXTERNAL my instance has LOGON_AUTH(SAF))
: : I get ORACLE error 01004 - is that "default username
: : feature not supported"?
: : Can I define the control thread without AM4COID and AM4CAUTH ?
: : Ideally I would like never to have to code a password outside of RACF is this possible ?
: : Anyone else done this at V8172 ?
: : Thanks Robin
: Robin,
: we do something similar and it all works o.k.
: Sample thread table...
: ORACICS TYPE=START,ACCT=USERID,SSN=ORAV,MAXTHRD=99,MAXCRSR=20
: ORACICS TYPE=THREAD,COPIES=97,PROTECT=55,ACCT=TRANSID, 1
: TRANSAC=*,AUTH=(USERID)
: ORACICS TYPE=ENV, 1
: ENAME=(NLS_LANG=AMERICAN_AMERICA.WE8EBCDIC37C, 1
: NLS_DATE_FORMAT=DD-MON-YYYY)
: ORACICS TYPE=END
: END
: We do use LOGON_AUTH=(RACFSAMP)
: There were problems with links to UNIX Databases but a patch was provided which fixed this.
Paul thanks for the info, I've now progressed to a ORA 01017 (invalid userid/password)
this is with OS_AUTHENT_PREFIX='' and LOGON_AUTH(SAF) or LOGON_AUTH(RACFSAMP) and a thread table like this....
ORACICS TYPE=START,ACCT=USERID,SSN=ORAP,MAXTHRD=30,MAXCRSR=5, PRIORTY=HIGH
ORACICS TYPE=THREAD,ACCT=USERID,COPIES=2,PROTECT=NO, TRANSAC=ORAC,AUTH=USERID)
ORACICS TYPE=THREAD,COPIES=9,PROTECT=NO, TRANSAC=*,AUTH=USERID)
ORACICS TYPE=END END
In Oracle I have a userid same as the CICS default userid. Is this what the Admin manual means by CICS userid. (This is identified Externally).
|
|
|
Re: Oracle with RACF [message #113791 is a reply to message #113790] |
Thu, 13 December 2001 07:24 |
Robin Upcott
Messages: 10 Registered: July 2000
|
Junior Member |
|
|
: : : I am trying to use RACF to control access from USS, Batch, and CICS. SYSDBA and SYSOPER works well using the FACILITY CLASS. I am trying to define the AM4CICS thread table to use AUTH=USERID and pass the CICS defined Userid to ORACLE (This userid is defined in ORACLE as AUTH EXTERNAL my instance has LOGON_AUTH(SAF))
: : : I get ORACLE error 01004 - is that "default username
: : : feature not supported"?
: : : Can I define the control thread without AM4COID and AM4CAUTH ?
: : : Ideally I would like never to have to code a password outside of RACF is this possible ?
: : : Anyone else done this at V8172 ?
: : : Thanks Robin
: : Robin,
: : we do something similar and it all works o.k.
: : Sample thread table...
: : ORACICS TYPE=START,ACCT=USERID,SSN=ORAV,MAXTHRD=99,MAXCRSR=20
: : ORACICS TYPE=THREAD,COPIES=97,PROTECT=55,ACCT=TRANSID, 1
: : TRANSAC=*,AUTH=(USERID)
: : ORACICS TYPE=ENV, 1
: : ENAME=(NLS_LANG=AMERICAN_AMERICA.WE8EBCDIC37C, 1
: : NLS_DATE_FORMAT=DD-MON-YYYY)
: : ORACICS TYPE=END
: : END
: : We do use LOGON_AUTH=(RACFSAMP)
: : There were problems with links to UNIX Databases but a patch was provided which fixed this.
: Paul thanks for the info, I've now progressed to a ORA 01017 (invalid userid/password)
: this is with OS_AUTHENT_PREFIX='' and LOGON_AUTH(SAF) or LOGON_AUTH(RACFSAMP) and a thread table like this....
: ORACICS TYPE=START,ACCT=USERID,SSN=ORAP,MAXTHRD=30,MAXCRSR=5, PRIORTY=HIGH
: ORACICS TYPE=THREAD,ACCT=USERID,COPIES=2,PROTECT=NO, TRANSAC=ORAC,AUTH=USERID)
: ORACICS TYPE=THREAD,COPIES=9,PROTECT=NO, TRANSAC=*,AUTH=USERID)
: ORACICS TYPE=END END
: In Oracle I have a userid same as the CICS default userid. Is this what the Admin manual means by CICS userid. (This is identified Externally).
I just discovered that if I use the CICS APPLID
thats APPLID=(nnnnnnnn) from the SIT it works
so the CICS userid is in fact the CICS APPLID !
|
|
|
Re: Oracle with RACF [message #113796 is a reply to message #113791] |
Wed, 19 December 2001 23:32 |
paul mansfield
Messages: 35 Registered: January 2001
|
Member |
|
|
Robin,
you should be able to use distict userids (we do) but if you're happy with that solution that's fine. Are you using a remote instance or does it reside on the mainframe?
|
|
|
Re: Oracle with RACF [message #113800 is a reply to message #113796] |
Thu, 10 January 2002 03:00 |
Robin
Messages: 73 Registered: October 2001
|
Member |
|
|
: Robin,
: you should be able to use distict userids (we do) but if you're happy with that solution that's fine. Are you using a remote instance or does it reside on the mainframe?
Do you mean distinct ? (ie AUTH=(userid) in the CICS thread table) I have not tried this.
Our instance is local
|
|
|
Goto Forum:
Current Time: Thu Dec 12 20:54:18 CST 2024
|