Setup when starting a TN3270 Server in its own address space

When Telnet is started separately in its own address space, setup for the job is necessary.

Copy the generated TNSTART procedure to your recognized PROCLIB, such as SYS1.PROCLIB, and make sure the //PROFILE DD statement points to the correct file location.

Before Telnet can be started, security for the procedure name and the associated user ID must be defined. This discussion assumes RACF is the security subsystem being used. If another security product is used, refer to its manuals for equivalent setup instructions.

The procedure name must be added to the RACF STARTED class and have the user ID associated with it as follows:
RDEFINE STARTED TN3270*.* STDATA(USER(TN3270))
SETROPTS RACLIST(STARTED) REFRESH

Define a superuser ID to associate with the job name by adding a user ID to RACF and altering it to superuser status as follows:
ADDUSER TN3270
ALTUSER TN3270 OMVS(UID(0) PROGRAM ('/bin/sh') HOME('/'))

In this example, the user ID name is TN3270. Any name can be used. These two RACF commands can be combined into one command by putting the OMVS parameter on the ADDUSER command line. The add and alter commands are done separately in case the user ID already exists. In that case, the add would fail but the alter would still succeed.

If setting up a superuser ID is not desirable, you can instead permit the user ID to the BPX.SUPERUSER class using the following steps:

  1. Add the user to RACF:
    ADDUSER TN3270
  2. Permit the user ID:
    1. Create a BPX.SUPERUSER FACILITY class profile:
      RDEFINE FACILITY BPX.SUPERUSER
    2. If this is the first class profile, activate the FACILITY class:
      SETROPTS CLASSACT(FACILITY)
      SETROPTS RACLIST(FACILITY)
    3. Permit the user to the class:
      ALTUSER TN3270 OMVS(UID(23) PROGRAM ('/bin/sh') HOME('/'))
      PERMIT BPX.SUPERUSER CLASS(FACILITY) ID(TN3270) ACCESS(READ)
      In this example, the user ID is TN3270 and the UID is 23. The UID can be any nonzero number. UID 23 was used to match the well-known Telnet port number.
    4. Refresh the FACILITY class:
      SETROPTS RACLIST(FACILITY) REFRESH

Sample statements for adding the procedure to the STARTED class and defining a superuser ID are in hlq.SEZAINST(EZARACF). For more detail about these functions, refer to z/OS UNIX System Services Planning, z/OS Security Server RACF Security Administrator's Guide, and z/OS Security Server RACF Command Language Reference.
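
To confirm the definitions above took effect, the following batch TSO job lists them without changing anything. It is an added example, not part of hlq.SEZAINST(EZARACF) or the original instructions; the job name, accounting field, and class values on the JOB card are placeholders, and the user ID TN3270 is the one assumed throughout this topic.

```jcl
//TNRACFV  JOB (ACCT),'VERIFY TN3270',CLASS=A,MSGCLASS=X
//* Added example: JOB card values are site-specific placeholders.
//* Read-only check of the RACF definitions made for the TN3270
//* started task. Run it under an ID allowed to list these profiles.
//VERIFY   EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  /* STARTED profile: the STDATA segment should show USER= TN3270  */
  RLIST STARTED TN3270*.* STDATA NORACF
  /* OMVS segment: UID is 0 for the superuser setup, or nonzero    */
  /* (23 in this topic) when BPX.SUPERUSER is used instead         */
  LISTUSER TN3270 OMVS NORACF
  /* BPX.SUPERUSER: check UNIVERSAL ACCESS is NONE and that the    */
  /* access list holds only the IDs meant to have READ             */
  RLIST FACILITY BPX.SUPERUSER AUTHUSER
/*
```

The last listing is only relevant when the BPX.SUPERUSER alternative was chosen. Every ID with READ access to that profile can switch to superuser authority, so review the whole access list, not just the TN3270 entry.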

The MVS default program property table (PPT) has the Telnet module set up as privileged, non-swappable, non-cancelable, running in key 6, and SYST. These settings give Telnet the same priority as the TCP/IP stack. Either privileged or SYST causes the started job to be assigned to the SYSSTC service class. The priority can be changed by assigning the job name to another service class within the STC subsystem.

