CAS9INIT CAIRIM Initialization Routine

Invoke the CAS9INIT initialization routine to control various functions of CAISSF and CA LMP dynamically.
ccsfzos15
As a systems programmer, you want to refresh components and control various functions of CA International Standard Security Facility (CAISSF) dynamically. The CAS9INIT initialization routine lets you do so, offering the following advantages:
  • Ensures that the latest version of CAISSF is loaded and executed
  • Shares one set of CAISSF routines across all address spaces
  • Re-initializes the CAISSF routines through the execution of CAIRIM (if maintenance is applied)
  • Deletes the CAISSF routines through the execution of CAIRIM (if desired)
  • Refreshes CA LMP
  • Refreshes the CAIMB838 SMF intercept
  • Refreshes the CA Health Checker common service infrastructure model
  • Refreshes the Serviceability subcomponent in the common storage
CAS9INIT Parameter Statement
To invoke CAS9INIT functions, add the following parameter statement in the CAIRIM PARMLIB member,
CAW0OPTN(CARIMPRM)
:
CAIRIM control statements cannot go beyond column 72.
PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT) PARM(
keyword
(
value
))
  • keyword(value)
    • REFRESH
      Specifies to refresh the indicated components. For example, after maintenance.
      • LMP
        Specifies to refresh CA LMP.
      • MB838
        Specifies to refresh the CAIMB838 SMF intercept.
      • SSF
        Specifies to refresh CAISSF.
      • HCHECK
        Specifies to refresh the CA Health Checker common service.
      • SERVABIL
        Specifies to refresh the Serviceability subcomponent.
      The keyword can have multiple values.
    Example: Refresh three components
    In this example, we refresh CAISSF, the CAIMB838 SMF intercept, and CA LMP.
    PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT) - PARM(
    REFRESH
    (
    SSF
    ,
    MB838
    ,
    LMP
    ))
    Example: Refresh CAISSF
    In this example, we refresh CAISSF only.
    PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT) PARM(
    REFRESH
    (
    SSF
    ))
    Example: Refresh CA Health Checker
    In this example, we refresh CA Health Checker only.
    PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT) PARM(
    REFRESH
    (
    HCHECK
    ))
    Example: Refresh Serviceability
    In this example, we refresh the Serviceability subcomponent only.
    PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT) PARM(
    REFRESH
    (
    SERVABIL
    ))
  • SSF
    Specifies how you control CAISSF:
    • ACF2
      Specifies to enable CAISSF to initialize before
      CA ACF2™ for z/OS
      .
    • TSS
      Specifies to enable CAISSF to initialize before
      CA Top Secret® for z/OS
      .
    • RACF
      Specifies to enable CAISSF to initialize before IBM RACF.
    • DELETE
      Specifies to remove CAISSF.
    • NONE
    • REINIT
      Specifies to reinitialize CAISSF.
    Example: Enable CAISSF to initialize before
    CA Top Secret
    In this example, we enable CAISSF to initialize before
    CA Top Secret
    initializes.
    PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT) PARM(
    SSF
    (
    TSS
    ))
If you do not specify PARM in the statement, CAS9INIT initializes CAISSF.
How CAS9INIT Initializes CAISSF When Security Product Is Inactive
If CAS9INIT does not find an active security product, the following messages are issued to the system, prompting the operator to identify the security product. For example, CAS9INIT might not find an active security product when CAIRIM runs before the security product becomes active.
CAS9075I - SERVICE(CA-RIM/BASE ) VERS(1200) GENLVL(0808AW000) CAS9115I - INPUT: * CAS9115I - INPUT: PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT) CAS9025A -
NO SECURITY SYSTEM AVAILABLE
00 CAS9026A -
REPLY WITH SECURITY SYSTEM,"ACF2","TSS","RACF" OR "N" TO CANCEL
If the reply identifies the security product, CAS9INIT continues to initialize CAISSF.
If the reply is N, the following message is issued, and CAS9INIT fails to initialize CAISSF:
CAS9021E ENVIRONMENT ERROR DETECTED. UNABLE TO ADD CAISSF ROUTINES
To bypass the operator prompt, add the following parameter statement in the CAIRIM parmlib member, CAW0OPTN(CARIMPRM):
PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT) PARM(SSF(
value
))
  • value
    Specifies an external security manager of
    ACF2
    (
    CA ACF2
    ),
    TSS
    (
    CA Top Secret
    ), or
    RACF
    (IBM RACF).
CAISSF RACF Class Table Parameters
CAISSF requires a RACF Class table to identify how security calls are processed. A default table is created, but certain CA products require more entries. The related product documentation describes the entries. The control statements for this table are read from a CAIRACF DD statement if it is present in the CAS9 procedure. Each of the statements has the following format:
RACFCLASS
CA-solution classname,translated classname
, FASTAUTH=NO|YES,CICS=NO|YES
Any statement with an asterisk (*) in column 1 is ignored. The operation is RACFCLASS, and at least one blank must follow it.
  • CA-solution classname
    Specifies the value of the class name that the CA application uses.
  • translated classname
    Specifies the value that IBM RACF uses to verify proper authorization for access to the given class.
  • FASTAUTH=YES
    Specifies that Fast RACHECK (FRACHECK) is used to authenticate access to the given class.
    Default
    : FASTAUTH=NO
  • CICS=YES
    Specifies that Fast RACHECK is used with a CICS application. CICS=YES implies FASTAUTH=YES.
    Default
    : CICS=NO, which means this class entry is not used under CICS.