Author Topic: New in V9, arsstash command and file - requires CSF to be up  (Read 7469 times)

Ed_Arnold

New in V9, arsstash command and file - requires CSF to be up
« on: March 29, 2013, 07:24:20 AM »
CMOD V9 on z/OS has a new facility, the arsstash command.

It's used to create an encrypted file (called a stash file) used to store userids/passwords.

Use it to replace wherever you're using userid/pw now.

On Multiplatform, CMOD uses GSKit to provide the encryption.  On z/OS, it uses ICSF.

ICSF - Integrated Cryptographic Service Facility

ICSF must be available on the z/OS system to provide AES-128 encryption, which it will do in software or hardware if available.

Usually, there's a started task which most people call CSF running on the system which will provide this service.

If CSF is not running, you get the very unhelpful message below.


Typical scenario for creating a stash file:

arsstash -a 1 -c -s /u/myuser/prodstash.stash -u myuser

It will then prompt twice for the password.

If CSF is not up, the messages returned are:

Verify OnDemand Password:
ARS1602E The stash file >/u/myuser/prodstash.stash< is invalid.
/usr/lpp/ars/V9R0M0/bin: >

Ed




#zOS #ODF

Ed_Arnold

Re: New in V9, arsstash command and file - requires CSF to be up
« Reply #1 on: March 29, 2013, 08:32:19 AM »
How do I know if I have CSF up and running so that CMOD V9 can use it?

Use the MODIFY command against your ARSSOCKD.

On a system where CSF is up and running:

F ARSSOCKD,D,ICSF                               
ARS0438I 15.21.18 DISPLAY ICSF               
CSFIQF RC=00, RSN=00000000, AES=3, FMID=HCR7780 



On a system where CSF has not been started:

F ARSSOCKD,D,ICSF                             
ARS0438I 15.28.36 DISPLAY ICSF             
CSFIQF RC=12, RSN=00000000, AES=0, FMID=N/A 
 
#zOS #ODF
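
The two displays quoted in the reply above can be told apart mechanically, for example in a pre-flight check run before arsstash or arsload jobs. This is an added example, not part of the original post and not IBM code; the function name icsf_state and the rule "RC=00 with a non-zero AES value means usable" are assumptions drawn only from the two samples shown.

```shell
# Added example: classify ICSF availability from captured console text.
# Assumption: RC=00 together with a non-zero AES value means ICSF is usable.

# icsf_state: reads console output on stdin, prints
#   available | unavailable | unknown
# When several displays are present, the last CSFIQF line wins.
icsf_state() {
    awk '
        /CSFIQF/ {
            rc = ""; aes = ""; seen = 1
            n = split($0, field, /[ ,]+/)
            for (i = 1; i <= n; i++) {
                if (field[i] ~ /^RC=/)  rc  = substr(field[i], 4)
                if (field[i] ~ /^AES=/) aes = substr(field[i], 5)
            }
        }
        END {
            if (!seen || rc !~ /^[0-9]+$/ || aes !~ /^[0-9]+$/)
                print "unknown"
            else if (rc + 0 == 0 && aes + 0 > 0)
                print "available"
            else
                print "unavailable"
        }
    '
}

# Constructed samples, copied from the two displays quoted in the post.
ICSF_UP='F ARSSOCKD,D,ICSF
ARS0438I 15.21.18 DISPLAY ICSF
CSFIQF RC=00, RSN=00000000, AES=3, FMID=HCR7780'
ICSF_DOWN='F ARSSOCKD,D,ICSF
ARS0438I 15.28.36 DISPLAY ICSF
CSFIQF RC=12, RSN=00000000, AES=0, FMID=N/A'

printf 'up system:   %s\n' "$(printf '%s\n' "$ICSF_UP" | icsf_state)"
printf 'down system: %s\n' "$(printf '%s\n' "$ICSF_DOWN" | icsf_state)"
```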

tbe2856

Re: New in V9, arsstash command and file - requires CSF to be up
« Reply #2 on: October 07, 2016, 08:50:59 AM »
Ed,

I just saw this as we are currently in the process of installing v9.5.  What if you don't have a crypto processor
on your machine?

Thanks
Tom

tbe2856

Re: New in V9, arsstash command and file - requires CSF to be up
« Reply #3 on: October 07, 2016, 10:47:39 AM »
This is what we currently have specified for ARSLOAD.  I don't see the -U as a valid parm in the V9.5 Admin Guide.

//ARSLOADC    EXEC    PGM=ARSLOAD,REGION=0M,TIME=NOLIMIT,             
//  PARM='/-h ARCHIVE -C O -A WRITER -G FORMS -D TESTOD -f -E -K
//             -c ars2/tmp2 -U /etc/ars/arsload.cfg'             

Ed_Arnold

Re: New in V9, arsstash command and file - requires CSF to be up
« Reply #4 on: October 08, 2016, 11:41:01 AM »
Quote from: tbe2856
> Ed,
>
> I just saw this as we are currently in the process of installing v9.5.  What if you don't have a crypto processor
> on your machine?
>
> Thanks
> Tom

Then you can't use a stash file and will need to specify userid and password any of the "old" ways.

Ed
#zOS #ODF

Ed_Arnold

Re: New in V9, arsstash command and file - requires CSF to be up
« Reply #5 on: October 08, 2016, 11:43:17 AM »
Quote from: tbe2856
> This is what we currently have specified for ARSLOAD.  I don't see the -U as a valid parm in the V9.5 Admin Guide.
>
> //ARSLOADC    EXEC    PGM=ARSLOAD,REGION=0M,TIME=NOLIMIT,
> //  PARM='/-h ARCHIVE -C O -A WRITER -G FORMS -D TESTOD -f -E -K
> //             -c ars2/tmp2 -U /etc/ars/arsload.cfg'

Correct.  "-U" has been deprecated.

Ed
#zOS #ODF

tbe2856

Re: New in V9, arsstash command and file - requires CSF to be up
« Reply #6 on: October 11, 2016, 06:50:37 AM »
Ed,

So one of the old ways was to put the user/password in a file and use the -U to indicate the name of the file.
As that is not available, is the only option to specify the user/password in the PARM field?

         -u userid -p password

Thanks
Tom

Ed_Arnold

#zOS #ODF

ibmarthin

Re: New in V9, arsstash command and file - requires CSF to be up
« Reply #8 on: November 15, 2016, 12:48:02 AM »
Has anyone succeeded in using a stash file for running arsload?

Because I wonder what the purpose of the ars.cfg parameter is:
SRVR_OD_STASH= usr/lpp/ars/config/stashfiles/arsload.stash

I can't run the arsload without specifying the full path to the stash file:
/usr/lpp/ars/V9R5M0/bin/arsload -u USERID -p /usr/lpp/ars/config/stashfiles/arsload.stash

Omitting the -p /usr/lpp/ars/config/stashfiles/arsload.stash, it says:
stash file >< either does not exist or is not valid.
« Last Edit: November 01, 2017, 06:19:19 AM by Justin Derrick »

Justin Derrick

Re: New in V9, arsstash command and file - requires CSF to be up
« Reply #9 on: November 15, 2016, 04:21:55 AM »
Hi Marthin...

Not trying to nitpick, but you *are* missing the leading slash from the path on your SRVR_OD_STASH parameter, and that might be causing the problem.

-JD.
IBM CMOD Professional Services: http://TenaciousConsulting.com
Call:  +1-866-533-7742  or  eMail:  jd@justinderrick.com
IBM CMOD Wiki:  https://CMOD.wiki/
FREE IBM CMOD Education & Webinars:  https://CMOD.Training/

Interests: #AIX #Linux #Multiplatforms #DB2 #TSM #SP #Performance #Security #Audits #Customizing #Availability #HA #DR

ibmarthin

Re: New in V9, arsstash command and file - requires CSF to be up
« Reply #10 on: November 15, 2016, 05:39:32 AM »
That's ok to be awake :-)
But the slash "disappeared" in the copy/paste process.
But the real problem was that SRVR_OD_STASH= belongs in ars.ini, not ars.cfg.
After that change I can run arsload without the -p.
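
The two mistakes this exchange turned up (the parameter placed in ars.cfg instead of ars.ini, and a value missing its leading slash) can be linted before a load job fails on them. This is an added example, not part of the original posts and not IBM code; the function name check_stash_setting, the finding tokens and the sample file contents (including the [@SRV@_ARCHIVE] section and HOST line) are constructed for illustration.

```shell
# Added example: lint the SRVR_OD_STASH setting for the two mistakes
# discussed in the thread. All file contents below are constructed.

# check_stash_setting INI CFG -> prints one token per finding, or "ok".
# Returns 0 when clean, 1 when anything was flagged.
check_stash_setting() {
    ini=$1; cfg=$2; bad=0
    pat='^[[:space:]]*SRVR_OD_STASH[[:space:]]*='
    # Reply #10: the parameter belongs in ars.ini, not ars.cfg.
    if [ -f "$cfg" ] && grep -q "$pat" "$cfg"; then
        echo "misplaced-in-cfg"; bad=1
    fi
    # Take the last assignment in ars.ini and trim surrounding blanks.
    value=$(sed -n "s/${pat}[[:space:]]*//p" "$ini" 2>/dev/null |
            sed 's/[[:space:]]*$//' | tail -n 1)
    if [ -z "$value" ]; then
        echo "missing-in-ini"; bad=1
    else
        # Reply #9: a value without the leading slash is a relative path.
        case $value in
            /*) ;;
            *)  echo "relative-path"; bad=1 ;;
        esac
    fi
    if [ "$bad" -eq 0 ]; then echo "ok"; fi
    return "$bad"
}

# Constructed sample: the layout from Reply #8, then the corrected one.
demo() {
    dir=$(mktemp -d)
    printf '[@SRV@_ARCHIVE]\nHOST=localhost\n' > "$dir/ars.ini"
    printf 'SRVR_OD_STASH= usr/lpp/ars/config/stashfiles/arsload.stash\n' > "$dir/ars.cfg"
    echo "before: $(check_stash_setting "$dir/ars.ini" "$dir/ars.cfg" | tr '\n' ' ')"
    printf 'SRVR_OD_STASH=/usr/lpp/ars/config/stashfiles/arsload.stash\n' >> "$dir/ars.ini"
    : > "$dir/ars.cfg"
    echo "after:  $(check_stash_setting "$dir/ars.ini" "$dir/ars.cfg")"
    rm -rf "$dir"
}
demo
```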

Justin Derrick

Re: New in V9, arsstash command and file - requires CSF to be up
« Reply #11 on: November 15, 2016, 06:46:18 AM »
Excellent!  I'm glad to hear you got the problem solved, and thanks again for posting the solution.

Take care.  :)

-JD.