Usage notes

The caller is in supervisor state, so the task and address space ACEEs are not checked. Therefore, for example, an authorized caller may extract KERB segment fields, or update the invalid key count, for any user who has a KERB segment.
This service returns fields that have been previously populated. Associated with the returned fields is a length indicator. The length indicator is set to zero if a field does not exist.
If RACF_name and KERB_name are both provided for function X'01', R_kerbinfo will use RACF_name.
If RACF_name is provided for any function other than X'01', a parameter list error will be returned.
If KERB_name is not supplied on a function X'04' request (the first character is NULL), information about the local z/OS Kerberos Security Server, KERBDFLT, will be returned. Alternatively, KERB_name may be explicitly set to KERBDFLT.
It is the responsibility of the caller to obtain and free the Data_area. If the fields to be retrieved from RACF® are larger than the Data_area, RACF fails the request and returns an error. If the size of the Data_area structure is sufficient to contain this value, the Data_area length (offset 0) is set to the total length required.
Field level access checking does not occur when retrieving fields with this service.
Field names are returned as 8-character fields, left-justified, and padded with blanks. They are specified in uppercase.
Fields that are not applicable for a function code, such as USERID for function code X'04', will be returned with the length set to zero.
If function code X'02' causes a user to be revoked, an ICH408I message will be issued and an SMF Type 80 record will be cut.
If the length of data_area structure specified is less than the minimum length defined in the parameter description a subset of the data will be returned unless it is less than 838 bytes which will result in return and reason codes 8,8,24.