z/OS Security Server RACF System Programmer's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Sample output for single-system nodes

z/OS Security Server RACF System Programmer's Guide
SA23-2287-00

In this example, NODE1 is defined as the local node and NODE2, NODE3, NODE4, and RSFNODE4 are defined as its target nodes. Figure 1 illustrates the summary information displayed for a TARGET LIST command.

Figure 1. Summary information displayed by a TARGET LIST command for a single-system node
IRRM009I (<) LOCAL RRSF NODE NODE1 IS IN THE OPERATIVE ACTIVE STATE.
IRRM091I (<)      - LOCAL NODE TCP LISTENER IS ACTIVE.
IRRM091I (<)      - LOCAL NODE APPC LISTENER IS ACTIVE.
IRRM009I (<) REMOTE RRSF NODE NODE2 IS IN THE OPERATIVE ACTIVE STATE.
IRRM009I (<) REMOTE RRSF NODE NODE3 IS IN THE OPERATIVE PENDING
CONNECTION STATE.
IRRM009I (<) REMOTE RRSF NODE NODE4 IS IN THE OPERATIVE PENDING
CONNECTION STATE.
IRRM009I (<) REMOTE RRSF NODE RSFNODE4 IS IN THE OPERATIVE PENDING
CONNECTION STATE.

Figure 2 illustrates the detailed information displayed for a TARGET LIST command for a node using APPC/MVS.

Figure 2. Detailed information displayed by a TARGET LIST command for a single-system node using APPC/MVS.
IRRM010I (<) RSFJ SUBSYSTEM PROPERTIES OF LOCAL RRSF NODE NODE1:
   STATE       - OPERATIVE ACTIVE
   DESCRIPTION - <NOT SPECIFIED>
   PROTOCOL    - APPC
                 LU NAME          - MF1AP001
                 TP PROFILE NAME  - IRRRACF
                 MODENAME         - <NOT SPECIFIED>
                 LISTENER STATUS  - ACTIVE
   TIME OF LAST TRANSMISSION TO   - <NONE>
   TIME OF LAST TRANSMISSION FROM - <NONE>
   WORKSPACE FILE SPECIFICATION
         PREFIX                   - "RSFJ.WORK"
         WDSQUAL                  - <NOT SPECIFIED>
         FILESIZE                 - 500
         VOLUME                   - TEMP01
         FILE USAGE
                 "RSFJ.WORK.NODE1.INMSG"
                                  - CONTAINS 0 RECORD(S)
                                  - OCCUPIES 1 EXTENT(S)
                 "RSFJ.WORK.NODE1.OUTMSG"
                                  - CONTAINS 0 RECORD(S)
                                  - OCCUPIES 1 EXTENT(S)
Figure 3 illustrates the detailed information displayed for a TARGET LIST command for a node using TCP/IP. In this output:
  • The IP ADDRESS line is displayed only if the resolved IP address differs from the host address specified on the TARGET command for this node. The IP address value shown is the value determined the last time a remote connection was attempted.
  • For operative connections, some (but not all) attributes from the AT-TLS policy are shown. Use the NETSTAT command to see additional information. For information about the NETSTAT command, see z/OS Security Server RACF Diagnosis Guide and z/OS Communications Server: IP System Administrator's Commands.
  • A MAPPED USER line is displayed for the AT-TLS policy if the client authentication level is SAFCHECK. It displays the user ID to which the connecting system's digital certificate is mapped.
  • The rule name and client authentication are always displayed in upper case, even if they are in mixed case in the AT-TLS policy.
  • The cipher is displayed as a number followed by a string. The numbers and string values for the cipher suites are defined by the relevant SSL or TLS RFCs. The values supported by System SSL are documented in the description of the gsk_environment_open() service in z/OS Cryptographic Services System SSL Programming. The values supported by AT-TLS are documented in the description of the TTLSCipherParms statement in z/OS Communications Server: IP Configuration Reference. The value shown in the figure is documented by System SSL to mean "256-bit AES encryption with SHA-1 message authentication and RSA key exchange".
Figure 3. Detailed information displayed by a TARGET LIST command for a single-system node using TCP/IP.
IRRM010I (<) RSWJ SUBSYSTEM PROPERTIES OF REMOTE RRSF NODE NODE2:
   STATE - OPERATIVE ACTIVE
   DESCRIPTION - <NOT SPECIFIED>
   PROTOCOL - TCP
              HOST ADDRESS - MVS5.POK.OURS.COM
              IP ADDRESS - 9.57.1.13
              LISTENER PORT - 18136
              AT-TLS POLICY:
                RULE_NAME - RRSF-CLIENT
                CIPHER ALG - 35 TLS_RSA_WITH_AES_256_CBC_SHA
                CLIENT AUTH - REQUIRED
   TIME OF LAST TRANSMISSION TO - 16:45:39 DEC 15, 2010
   TIME OF LAST TRANSMISSION FROM - 16:45:40 DEC 15, 2010
   WORKSPACE FILE SPECIFICATION
         PREFIX - "SYS1.RRSF"
         WDSQUAL - <NOT SPECIFIED>
         FILESIZE - 500
         VOLUME - DASD01
         FILE USAGE
                 "SYS1.RRSF.NODE1.NODE2.INMSG"
                                  - CONTAINS 0 RECORD(S)
                                  - OCCUPIES 1 EXTENT(S)
                 "SYS1.RRSF.NODE1.NODE2.OUTMSG"
                                  - CONTAINS 0 RECORD(S)
                                   - OCCUPIES 1 EXTENT(S)

Figure 4 illustrates the detailed information displayed for a TARGET LIST NODE(nodename) command for a local node that uses both TCP/IP and APPC/MVS.

Figure 4. Detailed information displayed by a TARGET LIST NODE(nodename) command for a single-system local node that uses both APPC/MVS and TCP/IP.
IRRM010I (<) RSWJ SUBSYSTEM PROPERTIES OF LOCAL RRSF NODE NODE1:
   STATE       - OPERATIVE ACTIVE
   DESCRIPTION - <NOT SPECIFIED>
   PROTOCOL    - TCP
                 HOST ADDRESS      - 0.0.0.0
                 IP ADDRESS        - 9.57.1.243
                 LISTENER PORT     - 18136
                 LISTENER STATUS   - ACTIVE
   PROTOCOL    - APPC
                 LU NAME           - MF1AP001
                 TP PROFILE NAME   - IRRRACF
                 MODENAME          - <NOT SPECIFIED>
                 LISTENER STATUS   - ACTIVE
   TIME OF LAST TRANSMISSION TO    - <NONE>
   TIME OF LAST TRANSMISSION FROM  - <NONE>
   WORKSPACE FILE SPECIFICATION
         PREFIX                    - "SYS1.RRSF"
         WDSQUAL                   - <NOT SPECIFIED>
         FILESIZE                  - 500
         VOLUME                    - TEMP01
         FILE USAGE
                "SYS1.RRSF.NODE1.INMSG"
                                   - CONTAINS 0 RECORD(S)
                                   - OCCUPIES 1 EXTENT(S)
                "SYS1.RRSF.NODE1.OUTMSG"
                                   - CONTAINS 0 RECORD(S)
                                   - OCCUPIES 1 EXTENT(S)

Figure 5 illustrates the information displayed for a TARGET LISTPROTOCOL command. Figure 6 illustrates the information displayed for a TARGET LIST command issued on the same system. This output is the same as the TARGET LISTPROTOCOL output except that it does not list the protocol for each remote node.

Figure 5. Information displayed by a TARGET LISTPROTOCOL command.
IRRM009I (<) LOCAL RRSF NODE NODE1 IS IN THE OPERATIVE ACTIVE STATE.
IRRM091I (<)      - LOCAL NODE TCP LISTENER IS ACTIVE.
IRRM091I (<)      - LOCAL NODE APPC LISTENER IS ACTIVE.
IRRM009I (<) REMOTE RRSF NODE NODE2 PROTOCOL APPC IS IN THE OPERATIVE
ACTIVE STATE.
IRRM009I (<) REMOTE RRSF NODE NODE3 PROTOCOL APPC IS IN THE OPERATIVE
PENDING CONNECTION STATE.
IRRM009I (<) REMOTE RRSF NODE NODE4 PROTOCOL TCP IS IN THE OPERATIVE
PENDING CONNECTION STATE.
IRRM009I (<) REMOTE RRSF NODE NODE5 PROTOCOL TCP IS IN THE OPERATIVE
PENDING CONNECTION STATE.
Figure 6. Information displayed by a TARGET LIST command.
IRRM009I (<) LOCAL RRSF NODE NODE1 IS IN THE OPERATIVE ACTIVE STATE.
IRRM091I (<) - LOCAL NODE TCP LISTENER IS ACTIVE.
IRRM091I (<) - LOCAL NODE APPC LISTENER IS ACTIVE.
IRRM009I (<) REMOTE RRSF NODE NODE2 IS IN THE OPERATIVE ACTIVE STATE.
IRRM009I (<) REMOTE RRSF NODE NODE3 IS IN THE OPERATIVE PENDING
CONNECTION STATE.
IRRM009I (<) REMOTE RRSF NODE NODE4 IS IN THE OPERATIVE PENDING
CONNECTION STATE.
IRRM009I (<) REMOTE RRSF NODE NODE5 IS IN THE OPERATIVE PENDING
CONNECTION STATE.
Parent topic: Listing the attributes of target nodes

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014