XUA: System response is delayed when logging onto a TACL via an SSH session

XUA: System response is delayed when logging onto a TACL via an SSH session

1. Ask the customer to check the ELP_OBJECT value for the affected STN process in STNCOM. 

    a. STNCOM $<proc name>                                        (Where $<proc name> is the name of the desired STN process, e.g. $ZPTY) 

    If the STN process name isn't known, do a "STATUS *, PROG $SYSTEM.ZSSH.STN" to list all active STN processes

    From STNCOM: 

    b. INFO PROCESS $<proc name> 

   The value for ELP_OBJECT should be ELP in order to prevent deadlocks. If it is not, change it to ELP. To change the value, proceed as follows from the STNCOM prompt: 

    % ELP_OBJECT ELP 

2. In addition to the Safeguard diskfile ACL for the STN object, make sure that there are also Safeguard diskfile ACLs for the following objects: 

    $SYSTEM.ZSSH.SSH2 
    $SYSTEM.ZSSH.ELP 
    $SYSTEM.ZSSH.SFTPSERV 

    These diskfile ACLs must exist with PRIV-LOGON ON. If they do not exist, add them.  See the XUA manual, Chapter 18, Configuring XUA for SAFEGUARD-PRIVLOGON.

     Example: 

     a. Logon as SUPER.SUPER or the proper designated user id and: 

     b. SAFECOM ADD DISKFILE $SYSTEM.ZSSH.ELP,PRIV-LOGON ON, ACCESS \*.*,* (R,E) 



3. A UAGROUP (SAFEGUARD-PRIVLOGON) must be in place in the UAACL file that includes $SYSTEM.ZSSH.ELP
 
    EXAMPLE: 
    --------------- 

    UAGROUP SAFEGUARD-PRIVLOGON 
       ! To allow PRIV-LOGON 
        DESCRIPTION "Safeguard Privlogon feature" 
        FROM_USER $EVERYONE-NET 
        TO_USER $EVERYONE 
        REQUESTOR $SYSTEM.ZSSH.SSH2 
        $SYSTEM.ZSSH.ELP 
        $SYSTEM.ZSSH.STN 
        $SYSTEM.ZSSH.SFTPSERV 
        SAFEGUARD_PRIVLOGON ON 
        AUDIT_ACCESS_PASS ON 
        AUDIT_ACCESS_FAIL ON 
        LDAP_AUTHENTICATE OFF 


    • Related Articles

    • Audited OSS session abends after system over via EXPAND

      XYGATEOA is attempting to open the XYGATEAC process that started it and expects that process to be on the same node. Execute system over to another system. Ex., \GALAXY TACL> SYSTEM \EST1983 Initiate TACL audited session using XAC after system over. ...
    • XAC: How to configure keystroke auditing for TACL SSH sessions

      Use the following steps to configure XAC auditing for SSH. Add the XAC command. The XAC command requires the following keywords to be included. USER_IGNORED START_LOGGED_ON USER_SWITCH SAFEGUARD_PRIVLOGON Note: If XYGATE User Authentication (XUA) is ...
    • XAC: Non-SSH TACL Sessions Timing Out

      Check the Timeout Value setting for the telserv process: 1. SCF 2. INFO PROCESS $<telserv process>, DETAIL (where $<telserv process> is the telserv process that started the session, e.g. $ZTN0) Example: 3-> info process $ztn0,detail TELSERV Detailed ...
    • XAC: How to configure XAC TACLs for static SSH windows

      Add a static service via the SSH STNCOM utility Example: STNCOM $<process name> (Where $<process name> is the name of a valid STN process, e.g. $ZPTY ADD SERVICE AUDTACL, TYPE STATIC 2. The service added in step #1 will need several static windows ...
    • XAC: How to configure keystroke auditing for OSS SSH sessions

      Use the following steps to configure XAC auditing for SSH. Add the XAC command. The XAC command requires the following keywords to be included. USER_IGNORED START_LOGGED_ON USER_SWITCH SAFEGUARD_PRIVLOGON Note: If XYGATE User Authentication (XUA) is ...