SIOCGPARTNERINFO with PI_REQTYPE_PARTNER_USERID fails with EPERM NOT OWNER

Technote (troubleshooting)


Problem(Abstract)

I have done all the security setup pertaining to EZBDOMAIN and EZB.IOCTL.*.*.PARTNERINFO and despite that the SIOCGPARTNERINFO with PI_REQTYPE_PARTNER_USERID returns EPERM NOT OWNER.

Cause

To enable applications in a sysplex to exchange security information over a TCP sockets connection, the SIOCGPARTNERINFO ioctl is used to establish a trusted TCP connection between the applications. PI_REQTYPE_PARTNER_USERID (X'01) is specified as input to SIOCGPARTNERINFO to request connection routing information and the partner user ID

For "EPERM NOT OWNER", it could be one of 2 problems:

  • Incorrect definition of RACF for EZBDOMAIN:
  • RACF was not correctly defined for EZB.IOCTL.*.*.PARTNERINFO:

Resolving the problem


(1) Incorrect definition of RACF for EZBDOMAIN:


Issue the following RACF command to display defined ezbdomain:
rl servauth ezbdomain

For EZBDOMAIN, both partner connections have to be defined before bringing up TCPIP stacks. Assume both partner connections are in different stacks. If the partner connections are in the same stack,TCPIP will not check the security for it.

Define security product authority for the profile EZBDOMAIN in the SERVAUTH class within the sysplex that is to use trusted TCP connections. Specify the same security domain name in the APPLDATA field.
RDEFINE SERVAUTH EZBDOMAIN APPLDATA('security_domain_name')

(2) RACF was not correctly defined for EZB.IOCTL.*.*.PARTNERINFO:
Use the following RACF command to ensure that RACF is defined correctly:
rl servauth EZB.IOCTL.*.*.PARTNERINFO


Rate this page:

(0 users)Average rating

Document information


More support for:

z/OS Communications Server

Software version:

1.12, 1.13, 2.1

Operating system(s):

z/OS

Reference #:

1601304

Modified date:

2012-12-28

Translate my page

Machine Translation

Content navigation