XUA: System response is delayed when logging onto a TACL via an SSH session
1. Ask the customer to check the ELP_OBJECT value for the affected STN process in STNCOM.
a. STNCOM $<proc name> (Where $<proc name> is the name of the desired STN process, e.g. $ZPTY)
If the STN process name isn't known, do a "STATUS *, PROG $SYSTEM.ZSSH.STN" to list all active STN processes
From STNCOM:
b. INFO PROCESS $<proc name>
The value for ELP_OBJECT should be ELP in order to prevent deadlocks. If it is not, change it to ELP. To change the value, proceed as follows from the STNCOM prompt:
% ELP_OBJECT ELP
2. In addition to the Safeguard diskfile ACL for the STN object, make sure that there are also Safeguard diskfile ACLs for the following objects:
$SYSTEM.ZSSH.SSH2
$SYSTEM.ZSSH.ELP
$SYSTEM.ZSSH.SFTPSERV
These diskfile ACLs must exist with PRIV-LOGON ON. If they do not exist, add them. See the XUA manual, Chapter 18, Configuring XUA for SAFEGUARD-PRIVLOGON.
Example:
a. Logon as SUPER.SUPER or the proper designated user id and:
b. SAFECOM ADD DISKFILE $SYSTEM.ZSSH.ELP,PRIV-LOGON ON, ACCESS \*.*,* (R,E)
3. A UAGROUP (SAFEGUARD-PRIVLOGON) must be in place in the UAACL file that includes $SYSTEM.ZSSH.ELP
EXAMPLE:
---------------
UAGROUP SAFEGUARD-PRIVLOGON
! To allow PRIV-LOGON
DESCRIPTION "Safeguard Privlogon feature"
FROM_USER $EVERYONE-NET
TO_USER $EVERYONE
REQUESTOR $SYSTEM.ZSSH.SSH2
$SYSTEM.ZSSH.ELP
$SYSTEM.ZSSH.STN
$SYSTEM.ZSSH.SFTPSERV
SAFEGUARD_PRIVLOGON ON
AUDIT_ACCESS_PASS ON
AUDIT_ACCESS_FAIL ON
LDAP_AUTHENTICATE OFF
Related Articles
Audited OSS session abends after system over via EXPAND
XYGATEOA is attempting to open the XYGATEAC process that started it and expects that process to be on the same node. Execute system over to another system. Ex., \GALAXY TACL> SYSTEM \EST1983 Initiate TACL audited session using XAC after system over. ...
XAC: How to configure keystroke auditing for TACL SSH sessions
Use the following steps to configure XAC auditing for SSH. Add the XAC command. The XAC command requires the following keywords to be included. USER_IGNORED START_LOGGED_ON USER_SWITCH SAFEGUARD_PRIVLOGON Note: If XYGATE User Authentication (XUA) is ...
XAC: Non-SSH TACL Sessions Timing Out
Check the Timeout Value setting for the telserv process: 1. SCF 2. INFO PROCESS $<telserv process>, DETAIL (where $<telserv process> is the telserv process that started the session, e.g. $ZTN0) Example: 3-> info process $ztn0,detail TELSERV Detailed ...
XAC: How to configure XAC TACLs for static SSH windows
Add a static service via the SSH STNCOM utility Example: STNCOM $<process name> (Where $<process name> is the name of a valid STN process, e.g. $ZPTY ADD SERVICE AUDTACL, TYPE STATIC 2. The service added in step #1 will need several static windows ...
XAC: How to configure keystroke auditing for OSS SSH sessions
Use the following steps to configure XAC auditing for SSH. Add the XAC command. The XAC command requires the following keywords to be included. USER_IGNORED START_LOGGED_ON USER_SWITCH SAFEGUARD_PRIVLOGON Note: If XYGATE User Authentication (XUA) is ...