To configure RACF so that DCAS can run as a system daemon, follow the steps and examples in this section.
In the sample RACF commands below, italicized items should be replaced with values appropriate for your environment.
NOTE:For information on RACF commands, refer to these References: OS/390 SecureWay® Security Server RACF Security Administrator's Guide and OS/390 SecureWay® Security Server RACF Command Language Reference.
The DCAS server runs as a system daemon and must be started under a controlled user ID that has superuser authority (that is, not an end-user or system programmer user ID). To define the user ID to use OMVS services, use the following command:
ADDUSER dcasid DFLTGRP(OMVSGRP) OMVS(UID(0) HOME('/'))
where dcasid is the name of the user ID.
Starting DCAS from an MVS procedure requires that the user ID from which it is started have access to the MVS.SERVMGR.DCAS resource in the OPERCMDS class. To provide this access, use the following commands:
RDEFINE OPERCMDS (MVS.SERVMGR.DCAS) UACC(NONE) PERMIT MVS.SERVMGR.DCAS CLASS(OPERCMDS) ACCESS(CONTROL) ID
If DCAS is started as an MVS procedure, you will need the following RACF definition:
RDEFINE STARTED DCAS.* STDATA(USER(dcasid))
SETR RACLIST(STARTED) REFRESH
where dcasid is the name of the user ID.
If CLIENTAUTH LOCAL2 is coded in the DCAS configuration file, at a minimum, you must use RACF to associate the certificate with a valid user ID. You can do this using the RACDCERT ADD command. The user ID could be the one associated with DCAS itself or it could be any valid user ID. If you want additional checking, you must activate the SERVAUTH class and define an EZA.DCAS.cvtsysname profile with the user ID associated with the client certificate to access the profile.