CAS9INIT CAIRIM Initialization Routine
Invoke the CAS9INIT initialization routine to control various functions of CAISSF and CA LMP dynamically.
As a systems programmer, you want to refresh components and control various functions of CA International Standard Security Facility (CAISSF) dynamically. The CAS9INIT initialization routine lets you do so, offering the following advantages:
- Ensures that the latest version of CAISSF is loaded and executed
- Shares one set of CAISSF routines across all address spaces
- Re-initializes the CAISSF routines through the execution of CAIRIM (if maintenance is applied)
- Deletes the CAISSF routines through the execution of CAIRIM (if desired)
- Refreshes CA LMP
- Refreshes the CAIMB838 SMF intercept
- Refreshes the CA Health Checker common service infrastructure model
- Refreshes the Serviceability subcomponent in the common storage
CAS9INIT Parameter Statement
To invoke CAS9INIT functions, add the following parameter statement in the CAIRIM PARMLIB member,
CAIRIM control statements cannot go beyond column 72.
PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT) PARM(keyword(value))
Example: Refresh three componentsIn this example, we refresh CAISSF, the CAIMB838 SMF intercept, and CA LMP.PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT) - PARM(REFRESH(SSF,MB838,LMP))Example: Refresh CAISSFIn this example, we refresh CAISSF only.PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT) PARM(REFRESH(SSF))Example: Refresh CA Health CheckerIn this example, we refresh CA Health Checker only.PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT) PARM(REFRESH(HCHECK))Example: Refresh ServiceabilityIn this example, we refresh the Serviceability subcomponent only.PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT) PARM(REFRESH(SERVABIL))
- REFRESHSpecifies to refresh the indicated components. For example, after maintenance.
- LMPSpecifies to refresh CA LMP.
- MB838Specifies to refresh the CAIMB838 SMF intercept.
- SSFSpecifies to refresh CAISSF.
- HCHECKSpecifies to refresh the CA Health Checker common service.
- SERVABILSpecifies to refresh the Serviceability subcomponent.
- SSFSpecifies how you control CAISSF:
Example: Enable CAISSF to initialize beforeCA Top SecretIn this example, we enable CAISSF to initialize beforeCA Top Secretinitializes.PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT) PARM(SSF(TSS))
- ACF2Specifies to enable CAISSF to initialize beforeCA ACF2™ for z/OS.
- TSSSpecifies to enable CAISSF to initialize beforeCA Top Secret® for z/OS.
- RACFSpecifies to enable CAISSF to initialize before IBM RACF.
- DELETESpecifies to remove CAISSF.
- REINITSpecifies to reinitialize CAISSF.
If you do not specify PARM in the statement, CAS9INIT initializes CAISSF.
How CAS9INIT Initializes CAISSF When Security Product Is Inactive
If CAS9INIT does not find an active security product, the following messages are issued to the system, prompting the operator to identify the security product. For example, CAS9INIT might not find an active security product when CAIRIM runs before the security product becomes active.
CAS9075I - SERVICE(CA-RIM/BASE ) VERS(1200) GENLVL(0808AW000) CAS9115I - INPUT: * CAS9115I - INPUT: PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT) CAS9025A -NO SECURITY SYSTEM AVAILABLE00 CAS9026A -REPLY WITH SECURITY SYSTEM,"ACF2","TSS","RACF" OR "N" TO CANCEL
If the reply identifies the security product, CAS9INIT continues to initialize CAISSF.
If the reply is N, the following message is issued, and CAS9INIT fails to initialize CAISSF:
CAS9021E ENVIRONMENT ERROR DETECTED. UNABLE TO ADD CAISSF ROUTINES
To bypass the operator prompt, add the following parameter statement in the CAIRIM parmlib member, CAW0OPTN(CARIMPRM):
PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT) PARM(SSF(value))
- valueSpecifies an external security manager ofACF2(CA ACF2),TSS(CA Top Secret), orRACF(IBM RACF).
CAISSF RACF Class Table Parameters
CAISSF requires a RACF Class table to identify how security calls are processed. A default table is created, but certain CA products require more entries. The related product documentation describes the entries. The control statements for this table are read from a CAIRACF DD statement if it is present in the CAS9 procedure. Each of the statements has the following format:
RACFCLASSCA-solution classname,translated classname, FASTAUTH=NO|YES,CICS=NO|YES
Any statement with an asterisk (*) in column 1 is ignored. The operation is RACFCLASS, and at least one blank must follow it.
- CA-solution classnameSpecifies the value of the class name that the CA application uses.
- translated classnameSpecifies the value that IBM RACF uses to verify proper authorization for access to the given class.
- FASTAUTH=YESSpecifies that Fast RACHECK (FRACHECK) is used to authenticate access to the given class.Default: FASTAUTH=NO
- CICS=YESSpecifies that Fast RACHECK is used with a CICS application. CICS=YES implies FASTAUTH=YES.Default: CICS=NO, which means this class entry is not used under CICS.