When Telnet is started separately its own address space, set up for the job is necessary.
Copy the generated TNSTART procedure to your recognized PROCLIB, such as SYS1.PROCLIB, and make sure the //PROFILE DD statement points to the correct file location.
Before Telnet can be started, security for the procedure name and the associated user ID must be defined. This discussion assumes RACF is the security subsystem being used. If another security product is used, refer to its manuals for equivalent set up instructions.
The procedure name must be added to the RACF STARTED
class and have the user ID associated with it as follows:
RDEFINE STARTED TN3270*.* STDATA(USER(TN3270))
SETROPTS RACLIST(STARTED) REFRESH
Define a superuser ID to associate with the job name by
adding a user ID to RACF and altering it to superuser status as follows:
ADDUSER TN3270
ALTUSER TN3270 OMVS(UID(0) PROGRAM ('/bin/sh') HOME('/'))
In this example, the user ID name is TN3270. Any name can be used. These two RACF commands can be combined into one command by putting the OMVS parameter on the ADDUSER command line. The add and alter commands are done separately in case the user ID already exists. In that case, the add would fail but the alter would still succeed.
If setting up a superuser ID is not desirable, you can instead permit the user ID to the BPX.SUPERUSER class using the following steps:
Sample statements for adding the procedure to the STARTED class and defining a superuser ID are in hlq.SEZAINST(EZARACF). For more detail about these functions, refer to z/OS UNIX System Services Planning, z/OS Security Server RACF Security Administrator's Guide, and z/OS Security Server RACF Command Language Reference.
The MVS default program property table (PPT) has the Telnet module set up as privileged, non-swappable, non-cancelable, running in key 6, and SYST. These settings give Telnet the same priority as the TCP/IP stack. Either privileged or SYST cause the started job to be assigned to the SYSSTC service class. The priority can be changed by assigning the job name to another service class within the STC subsystem.