//IZUSEC JOB MSGCLASS=C,MSGLEVEL=(1,1),USER=IBMUSER,NOTIFY=IBMUSER
//********************************************************************
//* PROPRIETARY STATEMENT:                                           *
//* Licensed Materials - Property of IBM                             *
//* 5650-ZOS                                                         *
//* Copyright IBM Corp. 2014, 2019                                   *
//*                                                                  *
//* Status = HSMA240                                                 *
//*------------------------------------------------------------------*
//*                                                                  *
//* DESCRIPTIVE NAME:                                                *
//* z/OSMF SERVER default security setup                             *
//*                                                                  *
//* The JCL contains the security setup for z/OSMF server.           *
//* You can customize this JCL to create a security setup            *
//* for the z/OSMF Server as you wish.                               *
//*                                                                  *
//* NOTE: The V2R4 step is added to the IZUSEC job in this           *
//* release. The V2R4 step contains the profiles that are new in     *
//* z/OS V2R4. If you have previously installed and configured       *
//* z/OSMF, step V2R4 is the only step you need to run.              *
//*                                                                  *
//********************************************************************
//*                                                                  *
//* This job must be run using a user ID that has the RACF SPECIAL   *
//* attribute.                                                       *
//*                                                                  *
//* This job assumes that the BPX.NEXT.USER profile has been         *
//* defined in the FACILITY class to enable the use of AUTOUID       *
//* and AUTOGID. See the topic "Automatically assigning unique       *
//* IDs through UNIX services" in z/OS Security Server RACF          *
//* Security Administrator's Guide for additional information        *
//* about automatic UID and GID assignment. If this function has     *
//* not been enabled, you must assign unique UIDs to the IZUSVR      *
//* and IZUGUEST user IDs, and unique GIDs to the groups             *
//* IZUADMIN, IZUSECAD, IZUUSER, and IZUUNGRP.                       *
//*                                                                  *
//********************************************************************
//*
//* This step sets up z/OSMF core security settings.
//*
//* STEP1 runs RACF commands under batch TSO (IKJEFT01). In order:
//*   1. generate a CERTAUTH certificate labelled zOSMFCA
//*   2. create key ring IZUKeyring.IZUDFLT for user ID IZUSVR
//*   3. generate the IZUSVR server certificate, signed by zOSMFCA
//*   4. mark the server certificate TRUST
//*   5. connect the server certificate (DEFAULT) and the CA
//*      (CERTAUTH) to the key ring
//*   6. refresh the DIGTCERT and DIGTRING RACLIST profiles
//* The order matters: each command uses what the previous ones made.
//*
//* Review notes:
//*  - The CA certificate is generated without SIGNWITH, so it is
//*    self-signed. Clients that validate the chain need this CA in
//*    their own trust store.
//*  - Neither GENCERT names a key type or SIZE, so the RACDCERT
//*    defaults apply. Confirm they meet your key-strength policy.
//*  - Both certificates carry the same fixed NOTAFTER date. Track
//*    it and renew both before it passes.
//*  - The job card runs as IBMUSER. Confirm this is the ID you
//*    intend to use with the RACF SPECIAL attribute.
//*
//STEP1 EXEC PGM=IKJEFT01
//SYSPRINT DD SYSOUT=*
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
  /* Create the CA certificate for the z/OSMF server */
  /* No SIGNWITH is given, so this certificate is self-signed */
  RACDCERT CERTAUTH GENCERT +
  SUBJECTSDN(CN('z/OSMF CertAuth for Security Domain') +
  OU('IZUDFLT')) WITHLABEL('zOSMFCA') +
  TRUST NOTAFTER(DATE(2025/05/17))
  /* Create the key ring for IZUSVR that holds both certificates */
  RACDCERT ADDRING(IZUKeyring.IZUDFLT) ID(IZUSVR)
  /* Create the server certificate for the z/OSMF server */
  /* Change HOST NAME in CN field into real local host name */
  /* Usually the format of the host name is 'XXXX.XXX.XXX.XXX' */
  /* The CN below is a customized value; it should be the host   */
  /* name that clients use to reach this z/OSMF server           */
  /* NOTE(review): no ALTNAME is set; clients that require a     */
  /* subject alternative name may reject this cert - confirm     */
  RACDCERT ID( IZUSVR ) GENCERT SUBJECTSDN(CN('S0W1.EMUFRAMEZOS.COM') +
  O('IBM') OU('IZUDFLT')) WITHLABEL('DefaultzOSMFCert.IZUDFLT'), +
  SIGNWITH(CERTAUTH LABEL('zOSMFCA')) NOTAFTER(DATE(2025/05/17))
  /* Mark the server certificate as trusted */
  RACDCERT ALTER(LABEL('DefaultzOSMFCert.IZUDFLT')) ID(IZUSVR) TRUST
  /* Connect the server certificate to the ring as the default */
  RACDCERT ID( IZUSVR ) CONNECT (LABEL('DefaultzOSMFCert.IZUDFLT') +
  RING(IZUKeyring.IZUDFLT) DEFAULT)
  /* Connect the signing CA to the same ring as a CERTAUTH cert */
  RACDCERT ID( IZUSVR ) CONNECT (LABEL('zOSMFCA') +
  RING(IZUKeyring.IZUDFLT) CERTAUTH)
  /* Refresh the RACLIST profiles for DIGTCERT and DIGTRING */
  SETROPTS RACLIST(DIGTCERT, DIGTRING) REFRESH
/*