z/OS Security Server RACROUTE Macro Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


RACINIT (standard form)

z/OS Security Server RACROUTE Macro Reference
SA23-2294-00

The standard form of the RACINIT macro is written as follows:

   
   name name: Symbol. Begin name in column 1.
   
One or more blanks must precede RACINIT.
   
RACINIT  
   
One or more blanks must follow RACINIT.
   
    USERID=userid addr userid addr: A-type address or register (2) – (12)
   
    ,PASSWRD=password password addr: A-type address or register (2) – (12)
    addr  
   
    ,START=procname addr procname addr: A-type address or register (2) – (12)
   
    ,NEWPASS=new new password addr: A-type address or register (2) – (12)
    password addr  
   
    ,GROUP=group addr group addr: A-type address or register (2) – (12)
  Default: zero.
   
    ,PGMNAME=programmer programmer name addr: A-type address or register (2) – (12)
    name addr  
   
    ,ACTINFO=account addr account addr: A-type address or register (2) – (12)
   
    ,OIDCARD=oid addr oid addr: A-type address or register (2) – (12)
   
    ,TERMID=terminal addr terminal addr: A-type address or register (2) – (12)
   
    ,JOBNAME=jobname jobname addr: A-type address or register (2) – (12)
    addr  
   
    ,ENVIR=CREATE Default: ENVIR=CREATE
    ,ENVIR=CHANGE
Note:
  1. ENVIR=CHANGE cannot be specified with USERID=, PASSWRD=, START=, NEWPASS=, ACTINFO=, PGMNAME=, OIDCARD=, or TERMID= parameters.
  2. ENVIR=DELETE cannot be specified with APPL=, USERID=, PASSWRD=, START=, NEWPASS=, GROUP=, ACTINFO=, PGMNAME=, OIDCARD=, or TERMID= parameters.
    ,ENVIR=DELETE  
   
    ,INSTLN=parm list addr parm list addr: A-type address or register (2) – (12)
   
    ,APPL=‘applname’ applname: 1–8 character name
    ,APPL=applname addr applname addr: A-type address or register (2) – (12)
   
    ,ACEE=acee addr acee addr: A-type address or register (2) – (12)
   
    ,SUBPOOL=subpool subpool number: Decimal digit 0–255.
    number  
   
    ,SMC=YES ,SMC=NO Default: SMC=YES
   
    ,PASSCHK=YES Default: PASSCHK=YES
    ,PASSCHK=NO  
   
   
    ,ENCRYPT=YES Default: ENCRYPT=YES
    ,ENCRYPT=NO  
   
    ,STAT=ASIS ,STAT=NO Default: STAT=ASIS
   
   
    ,LOG=ASIS ,LOG=ALL Default: LOG=ASIS
The parameters are explained as follows:
USERID=userid addr
specifies the user identification of the user who has entered the system. The address points to a 1-byte length field, followed by the user ID, which can be up to 8 characters in length.

If the USERID= keyword is omitted, "*" is the default.

When verifying a user ID and password from a user, be sure to validate that the user ID and password contain only alphanumeric characters and are 1–8 characters in length. Additionally, the application should fold this information to uppercase.

,PASSWRD=password addr
specifies the currently defined password of the user who has entered the system. The address points to a 1-byte length field, followed by the password, which can be up to eight characters in length.
,START=procname addr
specifies the process name of a started task. The address points to an 8-byte area containing the process name (left-justified and padded with blanks, if necessary). If you do not specify the USERID keyword, but do specify the START keyword, then RACF® searches the started-procedure table to determine the user ID.
,NEWPASS=new password addr
specifies the password that is to replace the user's currently defined password. The address points to a 1-byte length field, followed by the password, which can be up to eight characters in length.
,GROUP=group addr
specifies the group specified by the user who has entered the system. The address points to a 1-byte length field, followed by the group name, which can be up to eight characters in length.

If the GROUP= keyword is omitted, "*" is the default.

,PGMNAME=programmer name addr
specifies the address of the name of the user who has entered the system. This 20-byte area is passed to the RACINIT installation exit routine; it is not used by the RACINIT routine.
,ACTINFO=account addr
specifies the address of a field containing accounting information. This 144-byte area is passed to the RACINIT installation exit routine; it is not used by the RACINIT routine. The accounting field, if supplied, should have the following format:
  • The first byte of field contains the number (binary) of accounting fields.
  • The following bytes contain accounting fields, where each entry for an accounting field contains a 1-byte length field, followed by the field.
,OIDCARD=oid addr
specifies the address of the currently defined operator-identification card of the user who has entered the system. The address points to a 1-byte length field, followed by the operator-ID card.
,TERMID=terminal addr
specifies the address of the identifier for the terminal through which the user is accessing the system. The address points to an 8-byte area containing the terminal identifier. Information specified by TERMID= on an ENVIR=CREATE can be attached to the created ACEE and used in subsequent RACF processing. RACF does not make its own copy of this area when attaching this information to the created ACEE. This area must not be explicitly freed prior to the deletion of the ACEE. For the same reason, the area must reside in a non-task-related storage subpool so that implicit freeing of the area does not occur.
,JOBNAME=jobname addr
specifies the address of the job name of a background job. The address points to an 8-byte area containing the job name (left-justified and padded with blanks if necessary). The JOBNAME parameter is used by RACINIT during authorization checking to verify the user's authority to submit the job. It is passed to the installation exit routine.
,ENVIR=CREATE
,ENVIR=CHANGE
,ENVIR=DELETE
specifies the action to be performed by the user-initialization component regarding the ACEE:
  • CREATE: The user should be verified and an ACEE created.
  • CHANGE: The ACEE should be modified according to other parameters specified on RACINIT. You can change only the connect group with this option.
  • DELETE: The ACEE should be deleted. This parameter should be used only if a previous RACINIT has completed successfully.

    Recommendation: Issue a RACINIT,ENVIR=DELETE to delete only an ACEE that you created. See Guidelines for changing or deleting an ACEE for alternative options.

,INSTLN=parm list addr
specifies the address of an area containing parameter information meaningful to the RACINIT installation exit routine. This area is passed to the installation exit when the exit routine is given control from the RACINIT routine.

The INSTLN parameter can be used by an installation having a user verification or job initiation application, and wanting to pass information from one installation module to the RACINIT installation exit routine.

,APPL=‘applname
,APPL=applname addr
specifies the name of the application issuing the RACINIT. If an address is specified, the address must point to an 8-byte application name, left-justified and padded with blanks if necessary.
,ACEE=acee addr
specifies the address of the ACEE.

For ENVIR=DELETE: specifies the address of a fullword that contains the address of the ACEE to be deleted. If ACEE= is not specified, and the TCBSENV field for the task using the RACINIT is nonzero, the ACEE pointed to by the TCBSENV is deleted, and TCBSENV is set to zero. If the TCBSENV and ASXBSENV fields both point to the same ACEE, ASXBSENV is also set to zero. If no ACEE address is passed, and TCBSENV is zero, the ACEE pointed to by ASXBSENV is deleted, and ASXBSENV is set to zero.

For ENVIR=CHANGE: specifies the address of a fullword that contains the address of the ACEE to be changed. If ACEE= is not specified, and the TCBSENV field for the task using the RACINIT is nonzero, the ACEE pointed to by the TCBSENV is changed. If TCBSENV is 0, the ACEE pointed to by ASXBSENV is changed.

For ENVIR=CREATE: specifies the address of a fullword into which the RACINIT function places the address of the ACEE created. If an ACEE is not specified, the address of the newly created ACEE is stored in the TCBSENV field of the task control block. If the ASXBSENV field is set to binary zeros, the new ACEE address is also stored in the ASXBSENV field of the ASXB. If the ASXBSENV field is nonzero, it is not modified. The TCBSENV field is set unconditionally.
Note:
  1. If you omit USERID, GROUP, and PASSWRD and if you code ENVIR=CREATE or if ENVIR=CREATE is used as the default, you receive a return code of X'00' and obtain an ACEE that contains an * (X'5C') in place of the user ID and group name.
  2. If ACEE is specified with ENVIR=CREATE, RACF suppresses the creation of a modeling table (MDEL) to reduce the amount of CSA and local system queue area (LSQA) storage required by IMS/VS and CICS/VS installations.
,SUBPOOL=subpool number
specifies the storage subpool from which the ACEE and related storage are obtained. The value of subpool can be literally specified or passed through a register. When literally specified, the valid values are 0 through 255. When you use a register, the subpool number is the value of the least significant byte in the register.
,SMC=YES
,SMC=NO
specifies the use of the step-must-complete function of RACINIT processing. SMC=YES specifies that RACINIT processing should continue to make other tasks for the step non-dispatchable. SMC=NO specifies that the step-must-complete function is not used.
Note: SMC=NO should not be used if DADSM ALLOCATE/SCRATCH functions execute simultaneously in the same address space as the RACINIT function.
,PASSCHK=YES
,PASSCHK=NO
specifies whether the user's password or OIDCARD is to be verified. PASSCHK=YES specifies that RACINIT verifies the user's password or OIDCARD. PASSCHK=NO specifies that the user's password or OIDCARD is not verified.
,ENCRYPT=YES
,ENCRYPT=NO
specifies whether or not RACINIT encodes the old password, the new password, and the OIDCARD data passed to it.

YES signifies that the data specified by the PASSWRD, NEWPASS, and OIDCARD keywords are not pre-encoded. RACINIT encodes the data before storing it in the user profile or using it to compare against stored data. ENCRYPT=YES is the default for this keyword.

NO signifies that the data specified by the PASSWRD, NEWPASS, and OIDCARD keywords are already encoded. RACINIT bypasses the encoding of this data before storing it in or comparing it against the user profile.

,STAT=ASIS|NO
specifies whether the statistics controlled by the installation's options on the RACF SETROPTS command are to be maintained or ignored for this execution of RACINIT. This parameter also controls whether a message is to be issued when the logon is successful.
Note: Messages are always issued if the RACINIT processing is unsuccessful.

If STAT=ASIS is specified or taken by default, the messages and statistics are controlled by the installation's current options on the RACF SETROPTS command.

If STAT=NO is specified, the statistics are not updated. And if the logon is successful, no message is issued.

The default is STAT=ASIS.

,LOG=ASIS|ALL
specifies when log records are to be generated.

If LOG=ASIS is specified or defaulted to, only those attempts to create an ACEE that fails generate RACF log records.

If LOG=ALL is specified, any request to create an ACEE, regardless of whether it succeeds or fails, generates a RACF log record. The default is LOG=ASIS.

Parent topic: Independent RACF system macros

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014