This step is necessary only if your installation allows users to issue remote execution commands without the requirement of specifying a password on the remote execution client.
Use the following steps to ensure that the server can correctly access necessary MVS™ resources. You can use z/OS® Security Server (RACF®) or an equivalent security program.
This data set identifies the Remote Execution clients that can execute MVS commands remotely by sending an RSH command.
When a Remote Execution client sends an RSH request to the TSO Remote Execution server, the request includes the local user ID of the client user (local_userid) and, if the client user specified the -l option of the RSH command, the request also contains the user ID to use on the remote host (mvs_userid). If the client does not specify the -l option, the user ID to be used on the remote host is assumed to be the same as the local_userid.
When the TSO Remote Execution server receives an RSH command without a password, the server looks for a data set called mvs_userid.RHOSTS.DATA. The mvs_userid.RHOST.DATA data set contains one or more entries. Each entry consists of two parts, a fully qualified name of the client user's host and a local_userid associated with that host. The local_userid is case sensitive. If the data set exists, the server reads it and looks for an entry with a host name that matches the client user's host. If the user ID specified on this entry in the RHOSTS.DATA data set matches the local_userid passed on the RSH command, the RSH command continues processing. If the entry does not exist, the server responds to the client with message EZA4386E Permission denied.
In the following example of an RHOSTS.DATA data set, the MVS client user mvsuser is allowed to issue the RSH command without a password from host rs60007 with a local AIX® user ID of aixuser.
Example of mvsuser.RHOSTS.DATA data set:
rs60007.itso.ral.ibm.com aixuser