z/OS Cryptographic Services ICSF System Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Steps to create the ICSF Startup Procedure

z/OS Cryptographic Services ICSF System Programmer's Guide
SA22-7520-17

ICSF provides these two job control language programs. You can use this code as the basis for your startup procedure.

  • member CSF in SYS1.SAMPLIB 
    //CSF PROC
//CSF EXEC PGM=CSFINIT,REGION=0M,TIME=1440,MEMLIMIT=NOLIMIT
//CSFPARM DD DSN=SYS1.PARMLIB(CSFPRM00),DISP=SHR
  • member CSFSTART in SYS1.SAMPLIB (batch setup for SMP/E) 
    //CSFSTART PROC
//CSFSTART EXEC PGM=CSFINIT,REGION=0M,TIME=1440,MEMLIMIT=NOLIMIT
//CSFPARM DD DSN=SYS1.PARMLIB(CSFPRM01),DISP=SHR).

    Store this startup PROC in SYS1.PROCLIB (or another suitable library). For SMP/E this startup PROC can be copied to the CPAC.PROC data set, and the data set name (SYS1.PARMLIB) can be copied to match the name you chose for the CPAC.PARMLIB data set (in which CSFPRM01 would be placed). This would work for Server-Pac. Outside of Server-Pac, you need to copy and edit CSFSTART.

  1. Change or use the sample startup procedure according to your needs.
    1. In the sample code, the first line is the PROC statement. You can add one or more procedure variables to the PROC statement. For example, you can allow the system operator to decide at start time which member of the installation options data set to use. This example allows the operator to enter START CSF,M=CSFPRM01, specifying an alternate set of start-up options. 
      //CSF  PROC M=CSFPRM00

      ·
      ·
      ·
      
//CSFPARM DD DSN=MY.ICSF.PARM(&M),DISP=SHR

      You can use the same principle to change the name of a sequential data set, if you are not using a partitioned data set.

    2. The last line is the CSFPARM DD statement. The sample code specifies SYS1.PARMLIB as the data set where the installation options data set is stored. If you stored the installation options data set elsewhere, replace SYS1.PARMLIB with the name of the data set where you stored the installation options.
    3. The CSFPARM DD statement also specifies member CSFPRM00 as the name of the installation options data set. If you used a different name when you created the installation options data set (or any time you want to use other options), change this member name.
  2. Store your startup procedure in SYS1.PROCLIB (or another suitable library) with a member name of your choice. (Depending on installation standards, possible names include CSF, CSFPROD, and CRYPTO.)
  3. If you use Security Server (RACF), you may need to update the RACF Started Procedure Table if you define a new started task:
    1. Add the new started task name
    2. Add a RACF userid to associate with the started task. This userid requires that:
      • READ access to the data set to which the CSFPARM JCL DD statement refers
      • Define all CKDSs in every installation option data set.
      • Define all PKDSs in every installation option data set.
      See z/OS Security Server RACF System Programmer’s Guide for more information.
    3. Optionally, you can add a RACF group name.
    Note:
    RACF uses the userid associated with the ICSF address space only when accessing the CKDS and PKDS named in the installation options data set and then only at ICSF startup. When you perform a CKDS or PKDS Refresh task by using the ICSF ISPF panels under TSO/E, RACF uses the TSO userid to determine access authorization. When the CKDS Refresh and PKDS Refresh tasks are a batch job, RACF uses the userid associated with the batch address space to determine access authorization.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014