|
View previous topic :: View next topic
|
| Author |
Message |
anandinmainframe
Active User
Joined: 31 May 2007
Posts: 171
Location: India
|
|
|
|
Hi All,
Is there a way to find, who is purging our TSO session for eg: one Id has been used by group of people so each one of them will login to the TSO session from different machines. |
|
| Back to top |
|
 |
expat
Global Moderator
Joined: 14 Mar 2007
Posts: 8797
Location: Welsh Wales
|
|
|
|
| Standard TSO time out ? |
|
| Back to top |
|
|
anandinmainframe
Active User
Joined: 31 May 2007
Posts: 171
Location: India
|
|
|
|
Hi expat,
No not Standard TSO time out. |
|
| Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007
Posts: 10873
Location: italy
|
|
|
|
You should be able to find out by looking at the console log
or ask the operator to look it up for You
network issues? maybe? |
|
| Back to top |
|
|
anandinmainframe
Active User
Joined: 31 May 2007
Posts: 171
Location: India
|
|
|
|
| Thanks i will do that |
|
| Back to top |
|
|
dick scherrer
Moderator Emeritus
Joined: 23 Nov 2006
Posts: 19244
Location: Inside the Matrix
|
|
|
|
Hello,
| Quote: |
| one Id has been used by group of people so each one of them will login to the TSO session from different machines. |
This practice can cause sessions to disappear. Often when "user2" tries to log in, the system gives the opportunity for the "new" login to pre-empt the existing session "user1". |
|
| Back to top |
|
|
anandinmainframe
Active User
Joined: 31 May 2007
Posts: 171
Location: India
|
|
|
|
Hi Dick,
for eg: If i am using C machine so the next one can use A or B or J Machine then the session will not disappear but my problem is that someone from A or B or J is puging mine i.e) C machine. |
|
| Back to top |
|
|
dick scherrer
Moderator Emeritus
Joined: 23 Nov 2006
Posts: 19244
Location: Inside the Matrix
|
|
|
|
Hello,
| Quote: |
| If i am using C machine so the next one can use A or B or J Machine then the session will not disappear |
Please clarify this. How do these "machines" exist? I would expect multiple peole to sign on to one machine. How does it happen that the next one to login goes to a different machine? |
|
| Back to top |
|
|
anandinmainframe
Active User
Joined: 31 May 2007
Posts: 171
Location: India
|
|
|
|
Hi,
For one userid Eg: abcdef
we can have 6 to 7 machines rite
since i am logging in to only one machine other machines will be free hence others login through other machines thats how other machines exist.so multiple people are signing on to multiple machine not to one
machine.
hope this will be clear |
|
| Back to top |
|
|
Anuj Dhawan
Superior Member
Joined: 22 Apr 2006
Posts: 6250
Location: Mumbai, India
|
|
|
|
Hi,
I think you want to say, there is one RACF ID say XX1234A, there are, say, five PCs (Personal Computers) with 3270 simulators installed on them; different users are trying to "log-in" on Mainframes using the same RACF ID XX1234A on these five PCs (machines). In order to get a successful login on a different PC your session was cancelled by some one & you want to know who is that some one? |
|
| Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007
Posts: 10873
Location: italy
|
|
|
|
| if You have access to the sdsf log function use it to browse the console log |
|
| Back to top |
|
|
Anuj Dhawan
Superior Member
Joined: 22 Apr 2006
Posts: 6250
Location: Mumbai, India
|
|
|
|
Hi,
Yes, that would tell you the last command "used" on your ID. |
|
| Back to top |
|
|
dick scherrer
Moderator Emeritus
Joined: 23 Nov 2006
Posts: 19244
Location: Inside the Matrix
|
|
|
|
Hello,
| Quote: |
we can have 6 to 7 machines rite
|
If these machines are desktop machines and you are logging on to the same mainframe service (i.e. tso, cics) you will have the problem i mentioned earlier. Multiple people cannot use the same mainframe id at the same time on the same service from different terminals. |
|
| Back to top |
|
|
Pedro
Global Moderator
Joined: 01 Sep 2006
Posts: 2547
Location: Silicon Valley
|
|
|
|
| Is there a reason that each person cannot have their own userid? |
|
| Back to top |
|
|
anandinmainframe
Active User
Joined: 31 May 2007
Posts: 171
Location: India
|
|
|
|
Hi,
For eg: XX1234A this is my id
i login to tso session by
TSOA1
XX1234A
PASSWORD
likewise others can login
TSOB1
XX1234A
PASSWORD
TSOC1
XX1234A
PASSWORD
so someone who logs in B1 or C1 is puging my machine
Is there a reason that each person cannot have their own userid?
yes thats right |
|
| Back to top |
|
|
bhaktavatsala.v
Warnings : 1
New User
Joined: 23 Mar 2007
Posts: 11
Location: India
|
|
|
|
Hi,
U mean to say like u have different TSO sessions say TSO1, TSO2, & TSO3 and u r using TSO1 with ur Racf XX1234A and
the other 2 using TSO2, and TSO3 with the same Racf XX1234A but different PCs,
so one of the other two are purging TSO1 connection with user ID XX1234A,
so as i know in any case the purging Owner ID will be XX1234A,
So i suggest if U know who are those two using Racf XX1234A ask them not to purge Ur TSO1 session(as per i know no other method). |
|
| Back to top |
|
|
Anuj Dhawan
Superior Member
Joined: 22 Apr 2006
Posts: 6250
Location: Mumbai, India
|
|
|
|
Hi,
| Quote: |
Is there a reason that each person cannot have their own userid?
yes thats right |
He asked a question, it was not an opinion. To use a single RACF ID to login on mainframes by multiple users is not "permitted" across the shops, at my shop it's a severe security violation. |
|
| Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007
Posts: 10873
Location: italy
|
|
|
|
this thread has been going on long enough without getting anywhere 
Ask the operation support to look at the console log to identify the cause |
|
| Back to top |
|
|
dick scherrer
Moderator Emeritus
Joined: 23 Nov 2006
Posts: 19244
Location: Inside the Matrix
|
|
|
|
Hello,
| Quote: |
| so someone who logs in B1 or C1 is puging my machine |
This is probably because vtam is only permitting one login per id.
Most security administration does not support the same id logged on multiple times.
I'd suggest you set up some number of "test user ids". The permissions for these test ids can be modified as needed.
If these are "real" users, they should have their own id. They should not use yours. |
|
| Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007
Posts: 10873
Location: italy
|
|
|
|
| Quote: |
| Most security administration does not support the same id logged on multiple times. |
it' s not a security issue... it' s an issue related to system setup ...
dataset allocation, grs definitions...
see also
http://www-1.ibm.com/support/docview.wss?uid=isg1OA09022
for reasons to discourage such approach
if the O/P, instead of whining, had provided a bit more info we could have solved the issue by now 
anyway unless they played some tricks, multiple logon are not allowed on the same system
| Code: |
IKJ56425I LOGON rejected, UserId IBMUSER already logged on to system XXXX
IKJ56400A ENTER LOGON OR LOGOFF-
|
|
|
| Back to top |
|
|
dick scherrer
Moderator Emeritus
Joined: 23 Nov 2006
Posts: 19244
Location: Inside the Matrix
|
|
|
|
Hello,
| Quote: |
| Most security administration does not support the same id logged on multiple times. |
| Quote: |
| it' s not a security issue... it' s an issue related to system setup ... |
I probably should have used different wording. At many sites i'm familiar with, it is a security issue for more than one person to use a particular userid.
| Code: |
| UserId IBMUSER already logged on to system XXXX |
Instead of this message (and i don't recall the IKfuzzywuzzy msg no), sometimes
| Code: |
| UserId IBMUSER already logged on at terminal XXXX. Do you wish to logoff there and continue with this session? |
was presented. If the user entered 'Y', the original session is terminated and the session continues at the "new" terminal. To the original session, it would appear "purged". |
|
| Back to top |
|
|
anandinmainframe
Active User
Joined: 31 May 2007
Posts: 171
Location: India
|
|
|
|
Hi
Thanks to everyone i iwill speak to the operation support team.
once again i thank you all for the support |
|
| Back to top |
|
|
satheeshkamal
New User
Joined: 09 Jan 2007
Posts: 28
Location: Chennai
|
|
|
|
| Quote: |
if You have access to the sdsf log function use it to browse the console log
|
If the tso session job of the user id is purged (I mean command: P in SDSF) instead of cancelled (I mean command: C in SDSF), then is there any other way around? |
|
| Back to top |
|
|
Pedro
Global Moderator
Joined: 01 Sep 2006
Posts: 2547
Location: Silicon Valley
|
|
|
|
> it is a security issue for more than one person ...
I think it is an issue of accountability. For example, what are you going to do when you find out that userid 'XX1234A' is cancelling your userid? We know that there are several in use, so you cannot blame any particular user.
I think each person should have their own userid.
>Is there a reason that each person cannot have their own userid?
>yes thats right
And what is the reason that they cannot have their own userid? |
|
| Back to top |
|
|
|
|
