SIOCGPARTNERINFO with PI_REQTYPE_PARTNER_USERID fails with EPERM NOT OWNER
I have done all the security setup pertaining to EZBDOMAIN and EZB.IOCTL.*.*.PARTNERINFO and despite that the SIOCGPARTNERINFO with PI_REQTYPE_PARTNER_USERID returns EPERM NOT OWNER.
To enable applications in a sysplex to exchange security information over a TCP sockets connection, the SIOCGPARTNERINFO ioctl is used to establish a trusted TCP connection between the applications. PI_REQTYPE_PARTNER_USERID (X'01') is specified as input to SIOCGPARTNERINFO to request connection routing information and the partner user ID.
For "EPERM NOT OWNER", it could be one of 2 problems:
- Incorrect definition of RACF for EZBDOMAIN
- RACF was not correctly defined for EZB.IOCTL.*.*.PARTNERINFO
Resolving the problem
(1) Incorrect definition of RACF for EZBDOMAIN:
Issue the following RACF command to display the defined EZBDOMAIN profile:
rl servauth ezbdomain
For EZBDOMAIN, both partner connections have to be defined before bringing up the TCPIP stacks. This assumes that the two partner connections are in different stacks. If the partner connections are in the same stack, TCPIP will not check the security for it.
Define security product authority for the profile EZBDOMAIN in the SERVAUTH class within the sysplex that is to use trusted TCP connections. Specify the same security domain name in the APPLDATA field.
RDEFINE SERVAUTH EZBDOMAIN APPLDATA('security_domain_name')
(2) RACF was not correctly defined for EZB.IOCTL.*.*.PARTNERINFO:
Use the following RACF command to ensure that RACF is defined correctly:
rl servauth EZB.IOCTL.*.*.PARTNERINFO