CA Top Secret Security for z/os CA RS 1309 Service List

Transcription

1 CA Top Secret Security for z/os CA RS 1309 Service List Description Hiper 15.0 RO53949 TSSAUDIT UTILITY ENHANCEMENTS RO53950 TSSCHART UTILITY ENHANCEMENTS RO53994 TSSUTIL ENHANCEMENTS RO54303 TSSSIM 255-CHAR-LENGTH ENTITY NAMES SUPPORT RO54858 ABEND S0C4 IN TSSCPF+54EC RO54984 NEWCOPY FAILS FOR SUFFIXED PGMS AFTER TSEU=NEWC=CAKSLMT RO55033 TSSCFILE PASSPHRASE EXP. DATE MISSING CHARACTER RO55378 KTRT ALLOCATION ENQUE ON USADLOCK RO55513 CPF SPOOL FILES UNAVAILABLE IF JES3 STARTS AFTER TSS RO55968 S0C4 ABEND TSSUTIL +4B8E WITH LONG RESOURCE NAME RO56362 CFILE: LINKNAME OR REALNAME TRUNCATED ON KERBLINK RO57586 EXEC CICS START FAILS WITH RESP=70 RESP2=9 RO57685 CASECAUT ADDITIONAL OPTIONS COVERED RO57834 PROBLEMS HANDLING 2-BYTE RESCODE RESOURCES RO57887 S0C4 TSSMVS1+1C36 AFTER JOB ABENDS SB37-4 RO57893 S0C4 ABEND COMPARING ADMIN AUTHORITIES ON ACIDS RO57994 ADD RECOVERY CODE WHEN ABEND HOLDING SAFISUI2 RESOURCE RO58021 TSS INPROPERLY LOGS CONTROL OPTION QUERIES AS CHANGES RO58285 U751 ABEND DURING CICS INITIALIZATION RO58318 EXPAND CASECAUT PROTECTION TO INCLUDE MODIFY VIA CONSOLE RO58366 AES PASSWORD VERIFICATION FAILS WHEN STCACT SPECIFIED RO58398 S0C4 TSS00KKY+1360 ON ADD() KERBNAME() RO58497 TSEU=TRACE=ON FAILS FOR CTS 4.1 RO58561 ABEND U0002 IN TSSCPF IF CPF RECOVERY FILE ACCESS IS SLOW RO58980 DETECT USERS OF BPX.DEFAULT.USER RO59130 VARIOUS UPDATES RELATED TO LIST/ARCHIVE COMMAND OUTPUT RO59203 NO ACID(MAINTAIN) CHECK OR HOME/OMVSPGM RO59314 S0C7 TSSAUTHW+1E5C ON A TSS WHOHAS OPTIME(00:30) RO59441 LDS TCB ABEND WHEN JES3 STARTS AFTER TSS WITH LDS(ON) RO59666 TSS9410E UNKNOWN CLASSNAME (DATASET) FOR SVC (RACDEF) RO59797 NON EXPIRED XAUTH PROFILE SHOWS EXPIRED IN CFILE 2801 RO59808 PDS MEMBER LEVEL SECURITY RELEASING LOCAL LOCK RO59814 CONVERTING INITVSAM=YES TO INITVSAM=DIGICERT RO60151 SOURCES INCORRECTLY ADDED TO ORG ACIDS RO60786 SURROGATE VIOLATION AFTER RO44835 RO61247 COMPARE COMMAND LOOPS PROCESSOR **HIPER** The CA RS 1309 service count for this release is 36

2 CA Top Secret Security for z/os CA RS 1309 Service List Description Hiper 14.0 RO57332 Truncated LINKNAME or REALNAME on CFILE RO57410 KTRT allocation enque on USADLOCK in CICS. RO57417 MSCA CANNOT SEE PASSWORD *NOPW* RO58134 CICS ABEND DURING SHUTDOWN USING IDID RO58254 TSSCFILE KERBLINK INFO MISSING RO58783 ABEND S0C4 IN TSSCPF+54EC RO58928 TSEU=TRACE=ON FAILS FOR CTS 4.1 RO59225 START FAILS WITH RESP=70 RESP2=9 The CA RS 1309 service count for this release is 8

3 CA Top Secret Security for z/os 3 CA RS 1309 Service List for CAKOF00 FMID Service Description Hiper CAKOF00 RO53949 TSSAUDIT UTILITY ENHANCEMENTS RO53950 TSSCHART UTILITY ENHANCEMENTS RO53994 TSSUTIL ENHANCEMENTS RO54303 TSSSIM 255-CHAR-LENGTH ENTITY NAMES SUPPORT RO54858 ABEND S0C4 IN TSSCPF+54EC RO55033 TSSCFILE PASSPHRASE EXP. DATE MISSING CHARACTER RO55513 CPF SPOOL FILES UNAVAILABLE IF JES3 STARTS AFTER TSS RO55968 S0C4 ABEND TSSUTIL +4B8E WITH LONG RESOURCE NAME RO56362 CFILE: LINKNAME OR REALNAME TRUNCATED ON KERBLINK RO57685 CASECAUT ADDITIONAL OPTIONS COVERED RO57834 PROBLEMS HANDLING 2-BYTE RESCODE RESOURCES RO57887 S0C4 TSSMVS1+1C36 AFTER JOB ABENDS SB37-4 RO57893 S0C4 ABEND COMPARING ADMIN AUTHORITIES ON ACIDS RO57994 ADD RECOVERY CODE WHEN ABEND HOLDING SAFISUI2 RESOURCE RO58021 TSS INPROPERLY LOGS CONTROL OPTION QUERIES AS CHANGES RO58318 EXPAND CASECAUT PROTECTION TO INCLUDE MODIFY VIA CONSOLE RO58366 AES PASSWORD VERIFICATION FAILS WHEN STCACT SPECIFIED RO58398 S0C4 TSS00KKY+1360 ON ADD() KERBNAME() RO58561 ABEND U0002 IN TSSCPF IF CPF RECOVERY FILE ACCESS IS SLOW RO58980 DETECT USERS OF BPX.DEFAULT.USER RO59130 VARIOUS UPDATES RELATED TO LIST/ARCHIVE COMMAND OUTPUT RO59203 NO ACID(MAINTAIN) CHECK OR HOME/OMVSPGM RO59314 S0C7 TSSAUTHW+1E5C ON A TSS WHOHAS OPTIME(00:30) RO59441 LDS TCB ABEND WHEN JES3 STARTS AFTER TSS WITH LDS(ON) RO59666 TSS9410E UNKNOWN CLASSNAME (DATASET) FOR SVC (RACDEF) RO59797 NON EXPIRED XAUTH PROFILE SHOWS EXPIRED IN CFILE 2801 RO59808 PDS MEMBER LEVEL SECURITY RELEASING LOCAL LOCK RO59814 CONVERTING INITVSAM=YES TO INITVSAM=DIGICERT RO60151 SOURCES INCORRECTLY ADDED TO ORG ACIDS RO61247 COMPARE COMMAND LOOPS PROCESSOR **HIPER** The CA RS 1309 service count for this FMID is 30

4 CA Top Secret Security for z/os 4 CA RS 1309 Service List for CAKOF01 FMID Service Description Hiper CAKOF01 RO54984 NEWCOPY FAILS FOR SUFFIXED PGMS AFTER TSEU=NEWC=CAKSLMT RO55378 KTRT ALLOCATION ENQUE ON USADLOCK RO57586 EXEC CICS START FAILS WITH RESP=70 RESP2=9 RO58285 U751 ABEND DURING CICS INITIALIZATION RO58497 TSEU=TRACE=ON FAILS FOR CTS 4.1 RO60786 SURROGATE VIOLATION AFTER RO44835 The CA RS 1309 service count for this FMID is 6

5 CA Top Secret Security for z/os 5 CA RS 1309 Service List for CKOE000 FMID Service Description Hiper CKOE000 RO57332 Truncated LINKNAME or REALNAME on CFILE RO57417 MSCA CANNOT SEE PASSWORD *NOPW* RO58134 CICS ABEND DURING SHUTDOWN USING IDID RO58254 TSSCFILE KERBLINK INFO MISSING RO58783 ABEND S0C4 IN TSSCPF+54EC The CA RS 1309 service count for this FMID is 5

6 CA Top Secret Security for z/os 6 CA RS 1309 Service List for CKOE010 FMID Service Description Hiper CKOE010 RO57410 KTRT allocation enque on USADLOCK in CICS. RO58928 TSEU=TRACE=ON FAILS FOR CTS 4.1 RO59225 START FAILS WITH RESP=70 RESP2=9 The CA RS 1309 service count for this FMID is 3

7 CA Top Secret Security for z/os CA RS PTF RO RO53949 RO53949 M.C.S. ENTRIES = ++PTF (RO53949) TSSAUDIT UTILITY ENHANCEMENTS This solution introduces updates for the TSSAUDIT utility. This solution adds the following changes: 1) DATE keyword enhancement: The DATE keyword can now specify dates or date ranges in the past. I.E: DATE(-01,-01) shows all events from yesterday; DATE(-14,-07) shows all events from the previous week. Can also specify Julian dates instead. 2) TIME keyword enhancement: The TIME keyword can now be leveraged to filter on specific start times or start/stop time ranges. I.E: TIME(080000,160000) shows all events from 8a.m. until 4p.m. These updates are inline with the existing DATE/TIME keyword usage already available with the TSSUTIL utility. See the CA Top Secret Report and Tracking Guide for more details on this usage. Not applicable. Not applicable. Not applicable. TSSMVS 9311 Copyright (C) 2013 CA. All rights reserved. R00705-TSS150-SP1 DESC(TSSAUDIT UTILITY ENHANCEMENTS). SUP ( TR24362 AR24362 RO24362 TR46218 RO46218 TR49435 RO49435 TR53949 ) ++HOLD (RO53949) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13072) After APPLY, LLA refresh required to install this APAR. Enhance DATE and TIME keywords for TSSAUDIT utility. All users that leverage the TSSAUDIT utility. Security Administration Security authorization to run TSSAUDIT. Edit and submit JCL as needed.

8 CA Top Secret Security for z/os CA RS PTF RO RO53950 RO53950 M.C.S. ENTRIES = ++PTF (RO53950) TSSCHART UTILITY ENHANCEMENTS This solution introduces updates for the TSSCHART utility. This solution adds the following changes: 1) The output flow of TSSCHART is presented in a more logical format. Data pertaining to a particular ACID (i.e. owned resources, attached ACIDs, etc.) will be grouped together with the data for the ACID itself (i.e. ACID Name, Type, Size, etc. 2) Option to print TSSCHART output in PORTRAIT or LANDSCAPE format. To specify PORTRAIT or LANDSCAPE printing, specify the LAYOUT keyword in the JCL. PORTRAIT - LAYOUT(PO), LANDSCAPE - LAYOUT(LS If LAYOUT is is not specified, the default will be PORTRAIT. 3) Option to chart USER type acids only. To list out USER ACIDS only (one to many), specify the USER keyword. The format of the USER keyword is: USER(*ALL*,*ONLY* Not applicable. Not applicable. Not applicable. TSSMVS 9126 Copyright (C) 2013 CA. All rights reserved. R00704-TSS150-SP1 DESC(TSSCHART UTILITY ENHANCEMENTS). PRE ( RO18622 ) SUP ( TR23717 RO23717 TR40958 TR41370 TR42273 TR42921 RO41370 RO42921 TR53950 ) ++HOLD (RO53950) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13115) After APPLY, LLA refresh required to install this APAR. Enhance TSSCHART utility. All users that leverage the TSSCHART utility. Security Administration Security authorization to run TSSCHART. Edit and submit JCL as needed.

9 CA Top Secret Security for z/os CA RS PTF RO RO53994 RO53994 M.C.S. ENTRIES = ++PTF (RO53994) TSSUTIL ENHANCEMENTS The related solution to this problem introduces the following enhancement to the CA Top Secret r15 TSSUTIL report utility: 1) Prior to this enhancement, TSSUTIL's RESOURCE keyword only processed the input parameter as if it were a name prefix; that is, if RESOURCE(DS) is specified, TSSUTIL acts as if you wanted all resources that start with 'DS'. Request is to enable user to give specific resource names in the keyword and get reports on just those specific resource entities. For instance, supplying RESOURCE('DS') gives reports on only the resource named 'DS'. 2) Continuation characters support. With this solution, TSSUTIL can now handle multi-line REPORT/EXPORT statements if either '+', '-', OR '*' is supplied within the REPORT/EXPORT statement. - TSSUTIL does not permit specification of an exact resource name in the - RESOURCE keyword. TSSUTIL does not support continuation characters. TSSUTIL not able to limit RESOURCE keyword to specific resource or allow continuation characters to be leveraged. Not applicable. PRODUCT(S) AFFECTED: TSSUTIL Release 15.0 TSSMVS 9288 LIBRARIAN MEMBER NAME WITH CHARACTERS! \ ~ Special characters such as! \ ~ when used as member names in CA Librarian do not display on a tssutil report output Special characters such as! \ ~ display as blanks on a tssutil report. Member names with special characters are not identified correctly. None. PRODUCT(S) AFFECTED: TSSMVS Release 14.0 TSSMVS Release 15.0 TSSMVS 9312 Copyright (C) 2013 CA. All rights reserved. R00707-TSS150-SP1 DESC(TSSUTIL ENHANCEMENTS). SUP ( TR21136 RO21136 TR29198 RO29198 TR32082 TR34090 TR34128 TR34131 TR33589 TR34093 TR34311 RO34131 RO34311 TR43305 TR48031 TR48164 TR48206 TR48494 TR48569 TR48642 TR48958 TR49045 AR49045 TR51797 RO49045 RO51797 TR53994 ) ++HOLD (RO53994) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13115) After APPLY, LLA refresh required to install this APAR. Enhance DATE and TIME keywords for TSSUTIL utility. All users that leverage the TSSUTIL utility. Security Administration Security authorization to run TSSUTIL.

10 CA Top Secret Security for z/os CA RS PTF RO53994 Edit and submit JCL as needed. ++HOLD (RO53994) SYSTEM FMID(CAKOF00) REASON (DOC ) DATE (13115) Publication: The following CA Top Secret Guides have been updated related to this support. Access to these updated guides is available via CA Support Online. Each guide (just prior to the start of the CONTENTS section) has a DOCUMENTATION CHANGES section that provides hyper links to the related new feature documentation updates. CA Top Secret Release Notes Guide CA Top Secret Report and Tracking Guide

11 CA Top Secret Security for z/os CA RS PTF RO RO54303 RO54303 M.C.S. ENTRIES = ++PTF (RO54303) TSSSIM 255-CHAR-LENGTH ENTITY NAMES SUPPORT This solution adds support for resource classes that can have up to 255 characters. Prior to this support, when running simulations against a resource class that had greater than 240 character entity names, TSSSIM would fail to identify the invalid length error and exit processing before trying the simulation. TSSSIM will execute simulations that should fail due to length restrictions. TSSSIM will not return the appropriate messages. Length related failure restriction messages are expected but will not be seen. Product continues to function, but gives erroneous results when trying to simulate with a resource entity name longer than 255 characters. Not applicable. TSSMVS 9354 Copyright (C) 2013 CA. All rights reserved. R00717-TSS150-SP1 DESC(TSSSIM 255-CHAR-LENGTH ENTITY NAMES SUPPORT). PRE ( RO36198 RO46797 RO47831 ) SUP ( TR25551 TR25577 RO25577 TR27055 AR46797 RO27055 TR52850 TR52941 AR52941 RO52941 TR54246 RO52850 RO54246 TR54303 ) ++HOLD (RO54303) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13115) After APPLY, LLA refresh required to install this APAR. TSSSIM 255-CHAR-LENGTH ENTITY NAMES SUPPORT All users that leverage the TSSSIM utility. Security Administration. Security authorization to run TSSSIM. Implement PTF and re-execute TSSSIM.

12 CA Top Secret Security for z/os CA RS PTF RO RO54858 RO54858 M.C.S. ENTRIES = ++PTF (RO54858) ABEND S0C4 IN TSSCPF+54EC TSSCPF may experience S0C4 abends around offset +54EC. This is caused by the TIMER exit being active while the CPF dispatcher is manipulating the ECBLIST. TSS9804A CA-TSS CPF COMMUNICATIONS LINK ABEND S0C4 IN TSSCPF+xxxx. The CPF subtask abend will cause an outage of the command propagation and will requiree a restart of the CPF subtask. None. TSSMVS 9380 COMMANDS ARE ROUTED VIA CPF TO PSWD ONLY NODE TSS commands are routed to cpf nodes configured as PSWD-ONLY. TSS commands are routed by CPF to nodes that are defined in the NDT table with attribute "SEND(PWD)". Such nodes should only receive password changes. Commands are incorrectly routed only if the remote node is specified in the TARGET() keyword. CPF incorrectly routes commands to PSWD-ONLY nodes. None. TSS 15.0 TSSMVS 9387 Copyright (C) 2013 CA. All rights reserved. R00730-TSS150-SP1 DESC(ABEND S0C4 IN TSSCPF+54EC). PRE ( RO18784 RO38472 RO40240 RO48248 RO54619 ) SUP ( TR27616 RO27616 TR34286 AR27616 TR36144 AR38472 TR40412 TR40449 TR43303 BR38472 TR43948 TR44141 RO34286 RO36144 RO40412 RO40449 RO43303 RO44141 TR53711 TR54169 TR54419 TR54858 ) ++HOLD (RO54858) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13115) SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR. Note: HIPER pre-requisite PTF RO54619 and associated CCS maintenance must be applied prior to implementing this apar. ABEND S0C4 IN TSSCPF+54EC All users that leverage CPF. 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries Implement PTF.

13 CA Top Secret Security for z/os CA RS PTF RO RO54984 RO54984 M.C.S. ENTRIES = ++PTF (RO54984) NEWCOPY FAILS FOR SUFFIXED PGMS AFTER TSEU=NEWC=CAKSLMT If the TSEU transaction is used to NEWCOPY module CAKSLMT (the Load Module Table), its current release dependent suffix definitions will be lost, resulting in the inability to NEWCOPY the following modules, which became release dependent at CICS/TS 4.1: CAKSMSGH/CAKSMS## CAKSSIGN/CAKSSN## CAKSTRPX/CAKSTR## This PTF will prevent the Load Module Table from being NEWCOPYed. Response from: TSEU=NEWC=mmmmmmmm is: Module refresh unsuccessful - mmmmmmmm. Unknown, as the TSEU=NEWC function should only be done on request of support or post-maintenance as directed in ++HOLD data. Restart the CICS region. PRODUCTS AFFECTED: CICS/TS Interface for CA Top Secret for z/os Release 14.0 CICS/TS Interface for CA Top Secret for z/os Release 15.0 TSSMVS 9391 Copyright (C) 2013 CA. All rights reserved. R00733-TSS150-SP1 DESC(NEWCOPY FAILS FOR SUFFIXED PGMS AFTER TSEU=NEWC=CAKSLMT). FMID (CAKOF01) PRE ( RO32608 RO53625 ) SUP ( TR54984 ) ++HOLD (RO54984) SYSTEM FMID(CAKOF01) REASON (ACTION ) DATE (13100) The following actions are required: 1. SMP APPLY the PTF 2. Perform an LLA REFRESH (if applicable) 3. Issue CICS transaction: CEMT SET PROG(CAKSNEWC) NEWCOPY NEWCOPY FAILS FOR SUFFIXED PGMS AFTER TSEU=NEWC=CAKSLMT TSEU=NEWC function should only be done on request of support or post-maintenance as directed in ++HOLD data. 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries Implement the PTF.

14 CA Top Secret Security for z/os CA RS PTF RO RO55033 RO55033 M.C.S. ENTRIES = ++PTF (RO55033) TSSCFILE PASSPHRASE EXP. DATE MISSING CHARACTER When using TSSCFILE on a TSS LIST(ACIDS) DATA(PASSW), the output for any ACID with a passphrase was missing a character in both the expiration date and the interval message missing characters. For instance, might get something like: : 3001 KLOUSER1 3/15/13 30 When it should be: : 3001 KLOUSER1 03/15/13030 Missing characters could impact any programs that are written to read the TSSCFILE output. None. TSSMVS 9394 Copyright (C) 2013 CA. All rights reserved. R00736-TSS150-SP1 DESC(TSSCFILE PASSPHRASE EXP. DATE MISSING CHARACTER). PRE ( RO21502 RO23653 RO25900 RO35644 RO36198 RO40240 RO40416 RO40683 ) SUP ( BIT8859 RO18737 RO20757 TR18737 TR20757 TR31284 RO31284 TR55033 ) ++HOLD (RO55033) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13094) SMP APPLY, LLA REFRESH and recycle Top Secret with a REINIT. Fix incomplete output on a TSSCFILE execution. All users of the TSSCFILE utility. 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration 1- SMP/e CSI libraries 2- Security Administrative authority to run TSSCFILE Implement PTF.

15 CA Top Secret Security for z/os CA RS PTF RO RO55378 RO55378 M.C.S. ENTRIES = ++PTF (RO55378) KTRT ALLOCATION ENQUE ON USADLOCK KTRT allocation enque on USADLOCK in CICS. In rare occurrence the expansion of the KTRT queue during signon processing could lead to two transactions pointing to the same KTRT. If this occurs during signon processing the USADLOCK in CICS could be enque'd and not freed. This can prevent further signon processing from occurring. Signon processing in the CICS stops, other processing continues. Recycle the CICS region. CA-TOP SECRET-MVS Release 14.0 TSSMVS 9389 Copyright (C) 2013 CA. All rights reserved. R00747-TSS150-SP1 DESC(KTRT ALLOCATION ENQUE ON USADLOCK). FMID (CAKOF01) PRE ( RO35678 ) SUP ( TR23195 RO23195 TR55378 ) ++HOLD (RO55378) SYSTEM FMID(CAKOF01) REASON (ACTION ) DATE (13100) SMP APPLY, LLA REFRESH and recycle CTS/CICS regions. Resolve CTS/CICS sign-on failure problems. All users of CTS/CICS 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration 1- SMP/e CSI libraries 2- Console authority to recycle CTS/CICS regions. 1- Implement PTF. 2- Recycle CTS/CICS regions.

16 CA Top Secret Security for z/os CA RS PTF RO RO55513 RO55513 M.C.S. ENTRIES = ++PTF (RO55513) CPF SPOOL FILES UNAVAILABLE IF JES3 STARTS AFTER TSS CPF SPOOL FILES directed to SYSOUT are not opened if JES3 starts after TSS. When TSS is running as subsystem and starts before JES3, when the system is IPL'ed, CPF sysout spool files are never opened even after JES3 is up and running. CPF Journal records are not available. Start JES3 before TSS, or recycle CPF after JES3 is up. TSSMVS 9396 Copyright (C) 2013 CA. All rights reserved. R00750-TSS150-SP1 DESC(CPF SPOOL FILES UNAVAILABLE IF JES3 STARTS AFTER TSS). PRE ( RO37235 RO48248 ) SUP ( TR55513 ) ++HOLD (RO55513) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13059) After apply. Refresh LLA Any system using TSS with JES3. System Commands. Console Commands. Issue command: 'F LLA,REFRESH'

17 CA Top Secret Security for z/os CA RS PTF RO RO55968 RO55968 M.C.S. ENTRIES = ++PTF (RO55968) S0C4 ABEND TSSUTIL +4B8E WITH LONG RESOURCE NAME When TSSUTIL is run with REPORT LONG using extracted records as input, a S0C4 abend may occur at TSSUTIL +4B8E. The abend occurs when the resource name is longer than 79 characters. TSSUTIL abends. TSSUTIL report is incomplete. Exclude the records for the user accessing the resource with the long name. TSSMVS 9401 Copyright (C) 2013 CA. All rights reserved. R00758-TSS150-SP1 DESC(S0C4 ABEND TSSUTIL +4B8E WITH LONG RESOURCE NAME). SUP ( TR21136 RO21136 TR29198 RO29198 TR32082 TR34090 TR34128 TR34131 TR33589 TR34093 TR34311 RO34131 RO34311 TR43305 TR48031 TR48164 TR48206 TR48494 TR48569 TR48642 TR48958 TR49045 AR49045 TR51797 RO49045 RO51797 TR53994 RO53994 TR55968 ) ++HOLD (RO55968) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13121) After APPLY, LLA refresh then rerun TSSUTIL job. Resolve S0C4 abend in TSSUTIL +4B8E with Long Resource Names. All users that leverage the TSSUTIL utility. Security Administration Security authorization to run TSSUTIL. Edit and submit JCL as needed.

18 CA Top Secret Security for z/os CA RS PTF RO RO56362 RO56362 M.C.S. ENTRIES = ++PTF (RO56362) CFILE: LINKNAME OR REALNAME TRUNCATED ON KERBLINK when running TSSCFILE, the KERBLINK, LINKNAME or REALNAME can be truncated to less than 17 characters. This occurs for records 5061 and 5071 respectively. The full name is not being placed in the record. TSSCFILE RECORD 5061 or 5071 for KERBLINK is TRUNCATED. Wrong record data in TSSCFILE report. None. CA-TOP SECRET-MVS Release 14.0 TSSMVS 9411 Copyright (C) 2013 CA. All rights reserved. R00760-TSS150-SP1 DESC(CFILE: LINKNAME OR REALNAME TRUNCATED ON KERBLINK). PRE ( RO21502 RO23653 RO25900 RO35644 RO36198 RO40240 RO40416 RO40683 ) SUP ( BIT8859 RO18737 RO20757 TR18737 TR20757 TR31284 RO31284 TR55033 RO55033 TR56362 ) ++HOLD (RO56362) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13094) SMP APPLY and LLA REFRESH required to install this APAR

19 CA Top Secret Security for z/os CA RS PTF RO RO57586 RO57586 M.C.S. ENTRIES = ++PTF (RO57586) EXEC CICS START FAILS WITH RESP=70 RESP2=9 For all supported releases of CICS/CTS, if XUSER=YES is set in the CA Top Secret facility, an EXEC CICS START can fail with EIBRESP= and EIBRESP2= The end result will be RC=04. This can occur for any of the following calls: SURROGAT(*.DFHEXCI) SURROGAT(*.DFHINSTL) SURROGAT(*.DFHSTART) A start of a transaction that results in a SURROGAT call with a RC=04 will fail to start. The transaction will fail. TSS ADD(dept) SURROGAT(userid.DFHEXCI) TSS PER(userid) SURROGAT(userid.DFHEXCI) PRODUCT(S) AFFECTED: CA-TOP SECRET-MVS Release 14.0 CA-TOP SECRET-MVS Release 15.0 TSSMVS 9418 Copyright (C) 2013 CA. All rights reserved. R00771-TSS150-SP1 DESC(EXEC CICS START FAILS WITH RESP=70 RESP2=9). FMID (CAKOF01) PRE ( RO49994 ) SUP ( TR49273 TR57223 TR57586 ) ++HOLD (RO57586) SYSTEM FMID(CAKOF01) REASON (ACTION ) DATE (13123) SMP APPLY, LLA REFRESH and recycle region to install this APAR. Correct EXEC CICS START error. All users that leverage CTS. 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries Implement PTF.

20 CA Top Secret Security for z/os CA RS PTF RO RO57685 RO57685 M.C.S. ENTRIES = ++PTF (RO57685) CASECAUT ADDITIONAL OPTIONS COVERED When implementing CASECAUT access for TSS MODIFY commands, certain commands should only require ACCESS(USE) but instead require ACCESS(PRIVILEG The full list of commands that should require ACCESS(USE) includes: TSS MODIFY STATUS TSS MODIFY ST TSS MODIFY STATS TSS MODIFY FAC(ALL) *TSS MODIFY FAC(facname) *TSS MODIFY FAC(facname=BYPLIST) *TSS MODIFY FAC(facname=RXLTLIST) *TSS MODIFY RPW(LIST) *TSS MODIFY DRC(nnn) *TSS MODIFY MSG(nnn) The commands with '*' have been added to the ACCESS(USE) set. List type TSS MODIFY commands will fail even though the ACID has been permitted access via: TSS PER(acid) CASECAUT(TSSCMD.ADMIN.MODIFY) ACCESS(USE List type TSS MODIFY commands are unsuccessful Temporarily give the ACID the higher CASECAUT privilege via: TSS PER(acid) CASECAUT(TSSCMD.ADMIN.MODIFY) ACCESS(PRIVILEG) TSSMVS 9416 CASECSEC SUPPORT FOR TYPE=USER Expand TSS MODIFY authorization using CASECAUT for TYPE(USER) ACIDs. Assigning CASECAUT for TSS MODIFY command authorization does not provide authorization to execute the MODIFY command. CASECAUT not usable with TYPE(USER) acids. None. TSSMVS 9428 Copyright (C) 2013 CA. All rights reserved. R00773-TSS150-SP1 DESC(CASECAUT ADDITIONAL OPTIONS COVERED). PRE ( RO18634 RO19256 RO20497 RO21793 RO23523 RO25900 RO35644 RO36198 RO37109 RO38472 RO46203 RO50801 RO53633 RO55678 ) SUP ( TR16894 TR16956 TR17040 TR17122 TR17596 TR18880 RO18880 TR20230 RO20230 TR20898 RO20898 TR21191 RO21191 TR28526 RO28526 TR28778 RO28778 TR29757 TR32792 RO32792 TR33282 RO33282 TR38385 TR33505 TR33519 TR38784 TR38899 RO38385 RO38784 RO38899 TR49662 RO49662 TR57685 ) ++HOLD (RO57685) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13151) SMP APPLY, LLA REFRESH and recycle Top Secret with a reinit. CASECAUT ADDITIONAL OPTIONS COVERED All users that leverage CASECAUT

21 CA Top Secret Security for z/os CA RS PTF RO Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries Implement PTF.

22 CA Top Secret Security for z/os CA RS PTF RO RO57834 RO57834 M.C.S. ENTRIES = ++PTF (RO57834) PROBLEMS HANDLING 2-BYTE RESCODE RESOURCES Resource classes with RESCODEs greater than 100 (2-byte RESCODEs) can have problems in various points in processing. Among the problems that can occur: The sort sequence of PERMITs can be wrong, or S0C4 abends can occur within the process of sorting PERMITs. Selective REVOKE may not work properly, with a PERMIT that matches the REVOKE exactly not being found. Cleaning up resources still owned by a deleted acid may result in errors, leaving the resources owned by an acid that no longer exists. Listing an acid with DATA(X) shows improper sort sequence on resources. CCSR010E TSSAUTHZ S0C4 at xxxx LMOD TSSAUTH CSECT TSSAUTH2 +yyyy TSS0384E RESOURCE NOT FOUND IN SECURITY RECORD TSS0301I REVOKE FUNCTION FAILED, RETURN CODE = 8 TSS DELETE(DEPTXE14) TSS0390E UNEXPECTED ERROR, CODE = 076 Commands can fail to execute correctly. Use 1-byte RESCODE resources where possible. CA-TOP SECRET-MVS Release 14.0 TSSMVS 9425 Copyright (C) 2013 CA. All rights reserved. R00774-TSS150-SP1 DESC(PROBLEMS HANDLING 2-BYTE RESCODE RESOURCES). PRE ( RO20497 RO23523 RO36198 RO38472 RO38876 RO43262 RO50801 RO55678 ) SUP ( TR26159 RO26159 TR26572 RO26572 TR38113 DR36198 TR40741 RO38113 RO40741 TR45022 TR46328 RO46328 TR57834 ) ++HOLD (RO57834) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13134) SMP APPLY, LLA REFRESH and a restart of TSS is required to install this APAR. Prevent 0C4 abends when processing 2-BYTE resources. Clients who leverage 2-BYTE resources. 1. SMP/e 2. CA Top Secret administration 3. z/os Operator command usage 1. CA Top Secret SMP/e libraries 2. System Linklist update 3. CA Top Secret Started Task Implement PTF.

23 CA Top Secret Security for z/os CA RS PTF RO RO57887 RO57887 M.C.S. ENTRIES = ++PTF (RO57887) S0C4 TSSMVS1+1C36 AFTER JOB ABENDS SB37-4 If a batch job issues a 'TSS LIST(ACIDS) DATA(BASIC)' and the SYSTSPRT dataset runs out of space, the job abends with SB37-4 and with a s0c4 in TSSMVS1+1C36. TSS9999E CA-TSS SECURITY SVC ABEND S0C4 IN TSSMVS1+1C36. Batch job abends with SB37-7 and needs to be re-run with a larger SYSTSPRT dataset. Increase SYSTSPRT dataset. PRODUCT(S) AFFECTED: TSSMVS Release 15.0 TSSMVS Release 14.0 TSSMVS 9426 Copyright (C) 2013 CA. All rights reserved. R00775-TSS150-SP1 DESC(S0C4 TSSMVS1+1C36 AFTER JOB ABENDS SB37-4). PRE ( RO25119 RO32654 RO36198 ) SUP ( TR16903 TR37192 TR38282 RO37192 RO38282 TR28680 TR57887 ) ++HOLD (RO57887) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13113) SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR. Correct S0C4 TSSMVS1+1C36. All users that leverage TSS LIST(ACIDS) via batch job. 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries Implement PTF.

24 CA Top Secret Security for z/os CA RS PTF RO RO57893 RO57893 M.C.S. ENTRIES = ++PTF (RO57893) S0C4 ABEND COMPARING ADMIN AUTHORITIES ON ACIDS When using the COMPARE command to compare two acids, and only one of the acids has administrative authority over individual resource classes, an S0C4 abend can occur. TSS9190A CA-TSS COMMAND PROCESSOR ABEND S0C4 IN TSSAUTH1+xxxxx The COMPARE does not complete. None. TSSMVS 9412 Copyright (C) 2013 CA. All rights reserved. R00776-TSS150-SP1 DESC(S0C4 ABEND COMPARING ADMIN AUTHORITIES ON ACIDS). PRE ( RO55678 ) SUP ( RO20765 RO21040 RO21789 TR16986 TR17334 TR17629 TR17994 TR20229 TR20765 TR21040 TR21616 TR21789 TR57893 ) ++HOLD (RO57893) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13170) SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR. Address S0C4 ABEND when comparing ADMIN authorities on ACIDS. Any user leveraging the TSS COMPARE command. 1 - Product Administration 2 - SMP/e 3 - z/os Systems Programming 4 - Security Administration SMP/e CSI libraries Implement PTF.

25 CA Top Secret Security for z/os CA RS PTF RO RO57994 RO57994 M.C.S. ENTRIES = ++PTF (RO57994) ADD RECOVERY CODE WHEN ABEND HOLDING SAFISUI2 RESOURCE When the SAF UID or GID table is updated an ENQ is issued for CASAFIVT resource SAFISUI2 or SAFISGI2. If there is an abend during the table update the ENQ is not released. Further updates will get a S138 abend until TSS is recycled. S138 abend after initial abend when the table is updated. UID and GID table cannot be updated. Recycle TSS TSSMVS 9427 Copyright (C) 2013 CA. All rights reserved. R00777-TSS150-SP1 DESC(ADD RECOVERY CODE WHEN ABEND HOLDING SAFISUI2 RESOURCE). PRE ( RO18784 RO22442 RO55678 ) SUP ( TR57994 ) ++HOLD (RO57994) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13170) SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR. ADD RECOVERY CODE WHEN ABEND HOLDING SAFISUI2 RESOURCE Any user leveraging UID/GID support. 1 - Product Administration 2 - SMP/e 3 - z/os Systems Programming 4 - Security Administration SMP/e CSI libraries Implement PTF.

26 CA Top Secret Security for z/os CA RS PTF RO RO58021 RO58021 M.C.S. ENTRIES = ++PTF (RO58021) TSS INPROPERLY LOGS CONTROL OPTION QUERIES AS CHANGES Top Secret improperly marks some query type TSS MODIFY commands as Control Option changes. Compliance Manager interprets incorrectly marked query commands as changes and internally initiates a sequence of query commands to rebuild the system status. Depending upon the site command traffic this may lead to performance problems due to excess TSS MODIFY command traffic generated by Compliance Manager. Avoid excessive issuance of the following query type commands: TSS MODIFY FAC(xxxxxxxx=BYPLIST) TSS MODIFY FAC(xxxxxxxx=RXLTLIST) TSS MODIFY DRC(nnn) TSS MODIFY MSG(nnn) TSSMVS 9417 Copyright (C) 2013 CA. All rights reserved. R00778-TSS150-SP1 DESC(TSS INPROPERLY LOGS CONTROL OPTION QUERIES AS CHANGES). PRE ( RO25587 RO26450 RO36198 RO37109 RO38472 RO45811 RO50143 RO50925 RO55678 ) SUP ( TR16265 TR16732 TR40589 TR42155 TR42988 RO40589 RO42155 RO42988 TR31112 TR31438 TR57058 TR57652 TR58021 ) ++HOLD (RO58021) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13114) SMP APPLY, LLA REFRESH and a restart of TSS is required to install this APAR. Make TSSPARAM properly mark query type TSS MODIFY commands as such. Clients who are running or intend to run CA Compliance Manager. 1. SMP/e 2. CA Top Secret administration 3. Security Administration 4. z/os Operator command usage 1. CA Top Secret SMP/e libraries 2. System Linklist update 3. CA Top Secret Started Task Implement PTF.

27 CA Top Secret Security for z/os CA RS PTF RO RO58285 RO58285 M.C.S. ENTRIES = ++PTF (RO58285) U751 ABEND DURING CICS INITIALIZATION During CICS initialization security checks on LINK acid could ABEND with U751 (x'2ef') in CAKSALOC. This problem has shown up when numerous links are attached to the same link acid. CAS9578E - Product = KO50 PSW = XXXXXXXX XXXXXXXX Completion Code = 02EF U751 (x'2ef') ABEND is taken but region remain up and active. Have the IRC / ISC connection start up after control is given to CICS. PRODUCT(S) AFFECTED: TSSMVS Release 15.0 TSSMVS Release 14.0 TSSMVS 9269 Copyright (C) 2013 CA. All rights reserved. R00781-TSS150-SP1 DESC(U751 ABEND DURING CICS INITIALIZATION). FMID (CAKOF01) PRE ( RO26389 RO32608 RO44835 ) SUP ( TR41822 RO41822 TR58285 ) ++HOLD (RO58285) SYSTEM FMID(CAKOF01) REASON (ACTION ) DATE (13151) SMP APPLY, LLA REFRESH and recycle region to install this APAR. Correct U751 ABEND DURING CICS INITIALIZATION All users that leverage CTS. 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries Implement PTF. Recycle the region.

28 CA Top Secret Security for z/os CA RS PTF RO RO58318 RO58318 M.C.S. ENTRIES = ++PTF (RO58318) EXPAND CASECAUT PROTECTION TO INCLUDE MODIFY VIA CONSOLE Enhance CASECAUT protection to secure TSS MODIFY commands issued at the Consoles. Not applicable. Not applicable. Use CONSOLE attribute. TSSMVS 9423 Copyright (C) 2013 CA. All rights reserved. R00782-TSS150-SP1 DESC(EXPAND CASECAUT PROTECTION TO INCLUDE MODIFY VIA CONSOLE). PRE ( RO25587 RO26450 RO36198 RO37109 RO38472 RO45811 RO50143 RO50925 RO55678 ) SUP ( TR16265 TR16732 TR40589 TR42155 TR42988 RO40589 RO42155 RO42988 TR31112 TR31438 TR57058 TR57652 TR58021 RO58021 TR58318 ) ++HOLD (RO58318) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13162) SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR. EXPAND CASECAUT PROTECTION TO INCLUDE MODIFY VIA CONSOLE Any user wanting to leverage CASECAUT to protect MODIFY via CONSOLE. Knowedge required: 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries Implement PTF.

29 CA Top Secret Security for z/os CA RS PTF RO RO58366 RO58366 M.C.S. ENTRIES = ++PTF (RO58366) AES PASSWORD VERIFICATION FAILS WHEN STCACT SPECIFIED WHen AES encryption is used and STCACT is added to an acid in the STC table, password verification fails when the PROC is started. Message IEE296I is issued. IEE296I ssssssss FAILED BY SECURITY INTERFACE. RC= 08 The started task will not start. Remove STCACT from the acid. Release 14.0 TSSMVS 9011 Copyright (C) 2013 CA. All rights reserved. R00783-TSS150-SP1 DESC(AES PASSWORD VERIFICATION FAILS WHEN STCACT SPECIFIED). PRE ( RO18784 RO19158 RO24363 RO25587 RO26491 RO26651 RO27036 RO28221 RO28502 RO32654 RO35644 RO36198 RO36860 RO38053 RO38472 RO41151 RO41767 RO43262 RO43837 RO45152 RO45458 RO45566 RO46592 RO47831 RO47860 RO50024 RO50077 RO52334 RO53985 RO55023 RO55678 ) SUP ( TR32201 TR34459 TR51190 TR53696 TR54009 TR58366 ) ++HOLD (RO58366) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13123) SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR. WHen AES encryption is used and STCACT is added to an acid in the STC tabele password verification fails when the proc is started. Message IEE296I is issued. All users that leverage AES and STCACT. 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries Implement PTF.

30 CA Top Secret Security for z/os CA RS PTF RO RO58398 RO58398 M.C.S. ENTRIES = ++PTF (RO58398) S0C4 TSS00KKY+1360 ON ADD() KERBNAME() A TSS ADD(userid) KERBNAME('XXXXXXX') may result in a S0C4 abend on module TSS00KKY CCSR010E TSSAUTHZ S0C4 at 00C4BEB0 LMOD TSS00KKY CSECT TSS00KKY TSS command fails. Reissue the command. CA-TOP SECRET-MVS Release 14.0 TSSMVS 9413 Copyright (C) 2013 CA. All rights reserved. R00786-TSS150-SP1 DESC(S0C4 TSS00KKY+1360 ON ADD() KERBNAME()). PRE ( RO55678 ) SUP ( TR56540 TR58394 TR58398 ) ++HOLD (RO58398) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13134) SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR. Eliminate a S0C4 TSS00KKY+1360 ON ADD() KERBNAME() All users issuing TSS ADD() KERBNAME() commands 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries Implement PTF.

31 CA Top Secret Security for z/os CA RS PTF RO RO58497 RO58497 M.C.S. ENTRIES = ++PTF (RO58497) TSEU=TRACE=ON FAILS FOR CTS 4.1 Issuing a TSEU=TRACE=ON and turning on cics auxtrace via CETR does not cut an TSS auxtrace information for CTS 4.1. Missing tss cics auxtrace information. Missing tss cics auxtrace information. None. PRODUCT(S) AFFECTED: TSSMVS Release 14.0 TSSMVS Release 15.0 TSSMVS 9436 Copyright (C) 2013 CA. All rights reserved. R00788-TSS150-SP1 DESC(TSEU=TRACE=ON FAILS FOR CTS 4.1). FMID (CAKOF01) PRE ( RO32608 RO53625 ) SUP ( TR58497 ) ++HOLD (RO58497) SYSTEM FMID(CAKOF01) REASON (ACTION ) DATE (13128) SMP APPLY, LLA REFRESH and a restart cics region. Issuing a TSEU=TRACE=ON and turning on cics auxtrace via CETR does not cut an TSS auxtrace information for CTS 4.1. All users that leverage TSEU=TRACE=ON under CICS. 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries. Implement PTF.

32 CA Top Secret Security for z/os CA RS PTF RO RO58561 RO58561 M.C.S. ENTRIES = ++PTF (RO58561) ABEND U0002 IN TSSCPF IF CPF RECOVERY FILE ACCESS IS SLOW The TSSCPF subtask may abend with a U0002 abend for lack of available private area storage if access to the CPF Recovery File is slow. TSS9804A CA-TSS CPF COMMUNICATIONS LINK ABEND U0002 IN TSSCPF+2156 CPF propagation will be terminated. None. TSSMVS 9430 Copyright (C) 2013 CA. All rights reserved. R00789-TSS150-SP1 DESC(ABEND U0002 IN TSSCPF IF CPF RECOVERY FILE ACCESS IS SLOW). PRE ( RO18784 RO27616 RO34286 RO36144 RO38472 RO40240 RO40412 RO40449 RO43303 RO44141 RO48248 RO54619 RO54858 ) SUP ( TR53711 TR54169 TR54419 TR58095 TR58561 ) ++HOLD (RO58561) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13128) SMP APPLY, LLA REFRESH and a restart of TSS is required to install this APAR. Prevent U0002 abends when response time slow to CPF Recovery File. Clients who leverage CPF. 1. SMP/e 2. CA Top Secret administration 3. z/os Operator command usage 1. CA Top Secret SMP/e libraries 2. System Linklist update 3. CA Top Secret Started Task Implement PTF.

33 CA Top Secret Security for z/os CA RS PTF RO RO58980 RO58980 M.C.S. ENTRIES = ++PTF (RO58980) DETECT USERS OF BPX.DEFAULT.USER BPX.DEFAULT.USER will not be available after z/os Current users of BPX.DEFAULT.USER can determine which logon acids are not set up with Unix ids but they cannot tell which users are actually accessing Unix services using the BPX.DEFAULT.USER values. The activation of default user and default group usage is controlled by the CA Top Secret Control Options 'OMVSUSR' and 'OMVSGRP' respectively. This support adds the ability to turn on a BPX.DEFAULT.USER "trace". To activate this support, you will need to set CA Top Secret Control Option OPTIONS(32) to enable the USS logging feature and OPTIONS(85) to generate the default use trace messages. By activating Options(32,85), you will automatically log any successful initusp callable service that has used the BPX.DEFAULT.USER values. Inability to determine which users actually use the BPX.DEFAULT.USER values. It is difficult to know which users will get UID values and which groups will get GID values assigned once the switch has been made to UNIQUSER, MODLUSER, and UNIXOPTS without this trace support. None. PRODUCT(S) AFFECTED: CA-TSS-MVS Release 15.0 TSSMVS 9410 Copyright (C) 2013 CA. All rights reserved. R00795-TSS150-SP1 DESC(DETECT USERS OF BPX.DEFAULT.USER). PRE ( RO35644 RO36198 RO37807 RO47831 RO52781 RO55678 ) SUP ( TR23470 TR25968 BR36198 RO23470 TR38292 CR36198 RO25968 TR40277 RO38292 RO40277 TR50947 TR58980 ) ++HOLD (RO58980) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13137) SMP APPLY, LLA REFRESH, 'F TSS REFRESH(SAFAL)', and restart of TSS with REINIT required to install this APAR. DETECT USERS OF BPX.DEFAULT.USER All users moving to zos Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries Implement PTF.

34 CA Top Secret Security for z/os CA RS PTF RO RO59130 RO59130 M.C.S. ENTRIES = ++PTF (RO59130) VARIOUS UPDATES RELATED TO LIST/ARCHIVE COMMAND OUTPUT This problem and related solution address various erroneous and/or missing output commands when leveraging the CA Top Secret ARCHIVE command. Each of the items listed in the symptoms section should be addressed with this maintenance. 1) When the length of the OMVS segment HOME attribute is of sufficient extend to a second line, multiple erroneous commands are generated. 2) When the length of the OMVS segment OMVSPGM keywd is of sufficient extend to a second line, multiple erroneous commands are generated. 3) The command generated for the OMVS segment MEMLIMIT attribute encloses the setting in apostrophes, which is NOT accepted by the TSS ADDTO command. 4) The command generated for the OMVS segment SHMEMMAX attribute encloses the setting in apostrophes, which is NOT accepted by the TSS ADDTO command. 5) No command is generated for the LANGUAGE segment USERNL1 attribute. 6) No command is generated for the LANGUAGE segment USERNL2 attribute. 7) The command generated for FDT field MCSMON(JOBNAMES-T) includes a truncated value MCSMON(JOBNAMES) which is NOT accepted by TSS. 8) The command generated for FACILITY attribute SIGNMULTI is incorrect and is not accepted by TSS. 9) No command is generated for attribute MATCHLIM. 10) When field SCTYKEY includes more than 16 key values the generated command is incorrect and not accepted by TSS. Invalid ARCHIVE command statements generated. None. TSSMVS 9439 Copyright (C) 2013 CA. All rights reserved. R00798-TSS150-SP1 DESC(VARIOUS UPDATES RELATED TO LIST/ARCHIVE COMMAND OUTPUT). PRE ( RO21502 RO23653 RO25900 RO35644 RO36198 RO40240 RO40416 RO40683 RO48091 RO52580 RO53544 ) SUP ( RO18633 RO19414 RO21317 TR17158 TR17988 TR18043 TR18633 TR19414 TR21317 TR25830 RO25830 TR29063 RO29063 TR30280 BIT8859 RO18737 RO20757 TR18737 TR20757 TR31284 RO31284 TR55033 RO30280 TR55736 RO55033 TR56362 AR52580 RO55736 TR56568 TR57038 RO56362 RO57038 TR59130 ) ++HOLD (RO59130) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13142) SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR. Correct TSS LIST W/ARCHIVE OUTPUT FOR VARIOUS KEYWORDS. All users that leverage ARCHIVE or MODEL features. 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries

35 CA Top Secret Security for z/os CA RS PTF RO59130 Implement PTF.

36 CA Top Secret Security for z/os CA RS PTF RO RO59203 RO59203 M.C.S. ENTRIES = ++PTF (RO59203) NO ACID(MAINTAIN) CHECK OR HOME/OMVSPGM An administrator without ACID(MAINTAIN) authority can issue a TSS ADD/REM of the following fields: HOME & OMVSPGM. TSS ADD/REM command does not fail with message: TSS0207E INSUFFICIENT AUTHORITY FOR FUNCTION TSS0208E TYPE = ACID, AUTHORITY = MAINTAIN TSS commands can be issued without the required authority. None. PRODUCT(S) AFFECTED: TSSMVS Release 15.0 TSSMVS Release 14.0 TSSMVS 9408 Copyright (C) 2013 CA. All rights reserved. R00799-TSS150-SP1 DESC(NO ACID(MAINTAIN) CHECK OR HOME/OMVSPGM). PRE ( RO18634 RO19256 RO20497 RO21793 RO23523 RO25900 RO35644 RO36198 RO37109 RO38472 RO46203 RO50801 RO53633 RO55678 ) SUP ( RO18880 RO20230 RO20898 RO21191 RO28526 RO28778 RO32792 RO33282 RO38385 RO38784 RO38899 RO49662 RO57685 TR16894 TR16956 TR17040 TR17122 TR17596 TR18880 TR20230 TR20898 TR21191 TR28526 TR28778 TR29757 TR32792 TR33282 TR33505 TR33519 TR38385 TR38784 TR38899 TR49662 TR57685 TR59203 ) ++HOLD (RO59203) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13156) SMP APPLY, LLA REFRESH and a restart of TSS is required to install this APAR. Address a problem where an administrator without ACID(MAINTAIN) authority can issue a TSS ADD/REM of the following fields: HOME & OMVSPGM All users that issue a TSS ADD/REM of fields HOME & OMVSPGM 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries Implement PTF.

37 CA Top Secret Security for z/os CA RS PTF RO RO59314 RO59314 M.C.S. ENTRIES = ++PTF (RO59314) S0C7 TSSAUTHW+1E5C ON A TSS WHOHAS OPTIME(00:30) Issuing a TSS WHOHAS OPTIME(00:30) can result in a S0C4 ABEND in module TSSAUTH1+9B014. TSS9190A CA-TSS COMMAND PROCESSOR ABEND S0C7 IN TSSAUTH1+9B014 TSS command will ABEND with a S0C7. Re-issue command as 'TSS WHOHAS OPTIME(0030)' PRODUCT(S) AFFECTED: TSSMVS Release 15.0 TSSMVS Release 14.0 TSSMVS 9444 Copyright (C) 2013 CA. All rights reserved. R00800-TSS150-SP1 DESC(S0C7 TSSAUTHW+1E5C ON A TSS WHOHAS OPTIME(00:30)). PRE ( RO18634 RO19256 RO20497 RO21793 RO23523 RO25900 RO35644 RO36198 RO37109 RO38472 RO46203 RO50801 RO53633 RO55678 ) SUP ( TR16894 TR16956 TR17040 TR17122 TR17596 TR18880 RO18880 TR20230 RO20230 TR20898 RO20898 TR21191 RO21191 TR28526 RO28526 TR28778 RO28778 TR29757 TR32792 RO32792 TR33282 RO33282 TR38385 TR33505 TR33519 TR38784 TR38899 RO38385 RO38784 RO38899 TR49662 RO49662 TR57685 RO57685 TR59203 RO59203 TR59314 ) ++HOLD (RO59314) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13168) SMP APPLY, LLA REFRESH and a restart of TSS is required to install this APAR. Address a problem where a TSS WHOHAS OPTIME(00:30) will result in a S0C7 abend in module TSSAUTH1+9B014 All users that issue a TSS WHOHAS OPTIME(00:30) 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries Implement PTF.

38 CA Top Secret Security for z/os CA RS PTF RO RO59441 RO59441 M.C.S. ENTRIES = ++PTF (RO59441) LDS TCB ABEND WHEN JES3 STARTS AFTER TSS WITH LDS(ON) LDS TCB ABEND when JES3 starts after TSS with LDS(ON When JES3 starts after TSS and LDS is activated using parmfile control option LDS(ON), LDS subtask is abending as soon as JES3 is up and running. LDS functionality is not available. Start LDS manually after JES3 is up. TSSMVS 9420 Copyright (C) 2013 CA. All rights reserved. R00804-TSS150-SP1 DESC(LDS TCB ABEND WHEN JES3 STARTS AFTER TSS WITH LDS(ON)). PRE ( RO18784 RO32653 RO35644 RO36198 RO37235 RO47730 RO48248 RO48562 RO50143 RO55678 ) SUP ( TR47373 TR48614 TR48724 RO48724 TR59441 ) ++HOLD (RO59441) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13155) SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR. Correct LDS TCB ABEND WHEN JES3 STARTS AFTER TSS WITH LDS(ON) Any user starting JES3 after TSS with LDS(ON) in parmfile. 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries Implement PTF.

39 CA Top Secret Security for z/os CA RS PTF RO RO59666 RO59666 M.C.S. ENTRIES = ++PTF (RO59666) TSS9410E UNKNOWN CLASSNAME (DATASET ) FOR SVC (RACDEF ) If a RACDEF TYPE=CHGVOL with CLASS='DATASET' and ACEE= coded on the plist gets issued, the call will fail with message: TSS9410E UNKNOWN CLASSNAME (DATASET ) FOR SVC (RACDEF ) TSS9410E UNKNOWN CLASSNAME (DATASET ) FOR SVC (RACDEF ) The SVC will fail with RC=04. None. Release 14.0 TSSMVS 9450 Copyright (C) 2013 CA. All rights reserved. R00808-TSS150-SP1 DESC(TSS9410E UNKNOWN CLASSNAME (DATASET ) FOR SVC (RACDEF )). PRE ( RO18784 RO19158 RO25587 RO32654 RO35644 RO36198 RO45458 RO46592 RO47831 RO47860 RO55678 RO58366 ) SUP ( TR26491 RO26491 TR27036 RO27036 TR36860 TR41888 TR42119 TR43837 RO36860 RO43837 TR50077 AR45458 AR50077 RO50077 TR53696 TR53985 TR54009 RO53985 TR55023 RO55023 TR59666 ) ++HOLD (RO59666) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13156) SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR. Address a RACDEF call resulting in TSS9410E message. Any applications issuing a RACDEF TYPE=CHGVOL. 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries Implement PTF.

40 CA Top Secret Security for z/os CA RS PTF RO RO59797 RO59797 M.C.S. ENTRIES = ++PTF (RO59797) NON EXPIRED XAUTH PROFILE SHOWS EXPIRED IN CFILE 2801 A non-expired XAUTH PROFILE shows as expired under the following conditions: 1) A profile is added to a userid with an UNTIL date. 2) The UNTIL date has not expired yet. 3) From TSSCFILE, issue: TSS LIST(profile) DATA(ACIDS,EXPIRE) The TSSCFILE record 2801 will display the date field with EXPIRED instead of the date that the profile will expire. TSSCFILE record 2801 displays EXPIRED instead of until date. Applications that utilize record 2801 may get incorrect data. Set control OPTION OPTIONS(77) in the tss starup parm file. TSSMVS 9453 Copyright (C) 2013 CA. All rights reserved. R00813-TSS150-SP1 DESC(NON EXPIRED XAUTH PROFILE SHOWS EXPIRED IN CFILE 2801). PRE ( RO18634 RO19256 RO20497 ) SUP ( TR21636 RO21636 TR23570 RO23570 TR52490 RO52490 TR59797 ) ++HOLD (RO59797) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13161) SMP APPLY, LLA REFRESH and a restart of TSS is requird to install this APAR. Report TSSCFILE 2801 record for non-expired profiles correctly. Applications that utilize record 2801 may get incorrect data. 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries Implement PTF.

41 CA Top Secret Security for z/os CA RS PTF RO RO59808 RO59808 M.C.S. ENTRIES = ++PTF (RO59808) PDS MEMBER LEVEL SECURITY RELEASING LOCAL LOCK A system completion CODE=302 REASON CODE= ABEND can result when running batch command jobs containing a large number of CA Top Secret PDS member level related authorization commands. No customers have reported this problem. The error condition was discovered during CA quality assurance testing. The PDS member level protection in module CAS4BPIO is releasing and re-acquiring the local lock in order to lock in order to issue a security validation under a process that should not release the local lock. The code will be altered to not release the local lock. System completion CODE=302 REASON CODE= ABEND. No dumps are produced. Impact is unpredictable. Turn off PDS member level protection. TSSMVS 9445 Copyright (C) 2013 CA. All rights reserved. R00814-TSS150-SP1 DESC(PDS MEMBER LEVEL SECURITY RELEASING LOCAL LOCK). PRE ( RO24069 RO25587 RO44354 RO45458 RO46592 RO47831 RO52781 RO55678 RO58980 ) SUP ( TR21042 TR28546 RO21042 TR43165 RO28546 RO43165 TR59420 TR59652 TR59808 ) ++HOLD (RO59808) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13160) SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR. PDS MEMBER LEVEL SECURITY RELEASING LOCAL LOCK All users exploiting option PDSPROT(ON 1- Product Administration 2- SMP/e 3- z/os Systems Programming 4- Security Administration SMP/e CSI libraries Implement PTF.