68 RACF Remote Sharing Facility over TCP/IP
Give the RACF subsystem user ID read access to IRR.DIGTCERT.LISTRING in the
FACILITY Class. Connect the node server certificate as default
If connection fails due to keyring problems, make sure that the PAGENT reads the keyring
again. Change the EnvironmentUserInstance value in the Policy Rule and then issue the F
PAGENT,update command.
3.5 Updating TCP/IP to enable RRSF
Before you can use TCP/IP for RRSF, you need to update TCP/IP to enable the function and
modify the TCP/IP Profile data set. Perform the following steps:
1. Enable AT-TLS
2. Define and protect the RRSF port 18136
3.5.1 Enabling AT-TLS
Enable AT-TLS in the TCP/IP profile by adding the TTLS parameter to the TCPCONFIG
profile statement in each stack that is to support AT-TLS (Example 3-22).
Example 3-22 Enabling AT-TLS in the TCP/IP profile
3.5.2 Defining and protecting RRSF port 18136
Define port 18136 and reserve it for the RRSF function. The example environment has the
SAF key word RRSF specified to protect the port by using a RACF profile. The updated
statements to define the RRSF port in the TCP/IP profile are shown in Example 3-23.
Example 3-23 Define the RRSF port
;; RRSF port should be reserved. The default port value is 18136.
18136 TCP * SAF RRSF ; RRSF listener port
Define a generic profile EZB.PORTACCESS.*.*.RRSF in class SERVAUTH to protect the
RRSF TCP/IP port, and give the RACF user ID access to it.
Attention: Never use the signing certificate to sign anything but RRSF certificates.
Tip: You can find the sample started task procedure for PAGENT in
Attention: The SAF keyword you specify in the PORT statement of the TCP/IP Profile
must match the lowest level qualifier of the RACF profile. In the example environment, this
keyword is RRSF.

Get RACF Remote Sharing Facility over TCP/IP now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.