The following is the SESSION segment of the GENERAL template.

| Field name | Field ID | Flag 1 | Flag 2 | Field length (decimal) | Default value | Type | Field being described |
| --- | --- | --- | --- | --- | --- | --- | --- |
| SESSION | 001 | 00 | 00 | 00000000 | 00 | | Start of segment fields |
| SESSKEY | 002 | 00 | 00 | 00000000 | 00 | Bin | Session key; maximum length = 8 |
| SLSFLAGS | 003 | 20 | 00 | 00000001 | 00 | Bin | Session flag byte. Meaning when set: bit 0 = SLSLOCK (this profile is locked out); bits 1–7 = reserved for IBM's use |
| KEYDATE | 004 | 00 | 00 | 00000004 | 00 | Date | Last date session key was changed. It is in the format 0cyydddF where c=0 for 1900–1999 and c=1 for 2000–2099. For more information on this MVS-returned format, see z/OS MVS Programming: Assembler Services Guide. |
| KEYINTVL | 005 | 00 | 00 | 00000002 | 00 | Int | Number of days before session key expires |
| SLSFAIL | 006 | 00 | 00 | 00000002 | 00 | Int | Current number of invalid attempts |
| MAXFAIL | 007 | 00 | 00 | 00000002 | 00 | Int | Number of invalid attempts before lockout |
| SENTCNT | 008 | 10 | 00 | 00000004 | 00 | Int | Number of session entities in list |
| SENTITY | 009 | 80 | 00 | 00000035 | 00 | Char | Entity name |
| SENTFLCT | 010 | 80 | 00 | 00000002 | 00 | Int | Number of failed attempts for this entity |
| CONVSEC | 011 | 20 | 00 | 00000001 | 00 | Bin | Conversation security. X'40' = Conversation security; X'50' = Persistent verification; X'60' = User ID and password already verified; X'70' = User ID and password already verified plus persistent verification; X'80' = Security none |

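
As an added example (not IBM code), the following decodes a raw KEYDATE value and combines it with KEYINTVL and the SLSLOCK bit of SLSFLAGS to report session-key age and lockout for one profile. It reads the 4-byte field as packed decimal 0cyydddF (three day-of-year digits); the function names, the treatment of an all-zero KEYDATE as "never set", and of KEYINTVL = 0 as "no expiry" are assumptions of the example.

```python
from datetime import date, timedelta

def decode_keydate(raw: bytes):
    """Decode KEYDATE (4-byte packed decimal 0cyydddF) to a date, or None if unset."""
    if len(raw) != 4:
        raise ValueError("KEYDATE is a 4-byte field")
    if raw == b"\x00\x00\x00\x00":
        return None  # assumption: all zeros (the template default) means never set
    digits = raw.hex().upper()  # eight nibbles: 0 c y y d d d F
    if digits[0] != "0" or digits[7] != "F" or not digits[1:7].isdecimal():
        raise ValueError(f"not 0cyydddF packed decimal: {digits}")
    century, yy, ddd = int(digits[1]), int(digits[2:4]), int(digits[4:7])
    if century > 1:
        raise ValueError("only c=0 (1900-1999) and c=1 (2000-2099) are defined")
    year = 1900 + 100 * century + yy
    days_in_year = (date(year + 1, 1, 1) - date(year, 1, 1)).days
    if not 1 <= ddd <= days_in_year:
        raise ValueError(f"day {ddd} does not exist in {year}")
    return date(year, 1, 1) + timedelta(days=ddd - 1)

def audit_session(slsflags: int, keydate: bytes, keyintvl: int, today: date) -> dict:
    """Summarise lockout and key age for one SESSION segment."""
    changed = decode_keydate(keydate)
    # Assumption: KEYINTVL = 0 means no expiry interval is set.
    expires = changed + timedelta(days=keyintvl) if changed and keyintvl else None
    return {
        # IBM numbers bits from the most significant end, so bit 0 is X'80'.
        "locked": bool(slsflags & 0x80),
        "key_changed": changed,
        "key_expires": expires,
        "key_expired": expires is not None and today >= expires,
    }

if __name__ == "__main__":
    # Constructed sample values, not taken from a real RACF database.
    sample = audit_session(0x80, bytes.fromhex("0124060F"), 30, date(2024, 4, 1))
    print(sample)
```
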
The following is the DLFDATA segment of the GENERAL template.

| Field name | Field ID | Flag 1 | Flag 2 | Field length (decimal) | Default value | Type | Field being described |
| --- | --- | --- | --- | --- | --- | --- | --- |
| DLFDATA | 001 | 00 | 00 | 00000000 | 00 | | Start of segment fields |
| RETAIN | 002 | 20 | 00 | 00000001 | 00 | Bin | Retain flag byte |
| JOBNMCNT | 003 | 10 | 00 | 00000004 | 00 | Int | Count of jobnames |
| JOBNAMES | 004 | 80 | 00 | 00000000 | 00 | Char | Jobnames; maximum length = 8 |

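The following is the SSIGNON segment of the GENERAL template.

| Field name | Field ID | Flag 1 | Flag 2 | Field length (decimal) | Default value | Type | Field being described |
| --- | --- | --- | --- | --- | --- | --- | --- |
| SSIGNON | 001 | 00 | 00 | 00000000 | 00 | | Start of segment fields |
| SSKEY | 002 | 00 | 00 | 00000000 | 00 | Bin | Secured signon key |
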
The following is the STDATA segment of the GENERAL template.

| Field name | Field ID | Flag 1 | Flag 2 | Field length (decimal) | Default value | Type | Field being described |
| --- | --- | --- | --- | --- | --- | --- | --- |
| STDATA | 001 | 00 | 00 | 00000000 | 00 | | Start of segment fields |
| STUSER | 002 | 00 | 00 | 00000008 | 40 | Char | User ID or =MEMBER |
| STGROUP | 003 | 00 | 00 | 00000008 | 40 | Char | Group name or =MEMBER |
| FLAGTRUS | 004 | 20 | 00 | 00000001 | 00 | Bin | Trusted flag, X'80' = trusted |
| FLAGPRIV | 005 | 20 | 00 | 00000001 | 00 | Bin | Privileged flag, X'80' = privileged |
| FLAGTRAC | 006 | 20 | 00 | 00000001 | 00 | Bin | Trace usage flag, X'80' = issue IRR812I |

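The following is the SVFMR segment of the GENERAL template.

| Field name | Field ID | Flag 1 | Flag 2 | Field length (decimal) | Default value | Type | Field being described |
| --- | --- | --- | --- | --- | --- | --- | --- |
| SVFMR | 001 | 00 | 00 | 00000000 | 00 | | Start of segment fields |
| SCRIPTN | 002 | 00 | 00 | 00000008 | 00 | Char | Script name |
| PARMN | 003 | 00 | 00 | 00000008 | 00 | Char | Parameter name |
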
The following is the CERTDATA segment of the GENERAL template.

| Field name | Field ID | Flag 1 | Flag 2 | Field length (decimal) | Default value | Type | Field being described |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CERTDATA | 001 | 00 | 00 | 00000000 | 00 | | Start of segment fields |
| CERT | 002 | 00 | 00 | 00000000 | 00 | Bin | Digital certificate |
| CERTPRVK | 003 | 00 | 00 | 00000000 | 00 | Bin | Private key or key label |
| RINGCT | 004 | 10 | 00 | 00000004 | 00 | Int | Number of key rings associated with this certificate |
| RINGNAME | 005 | 80 | 00 | 00000000 | 00 | Char | Profile name of a ring with which this certificate is associated |
| CERTSTRT | 006 | 00 | 00 | 00000000 | 00 | | Date and time from which the certificate is valid. If the year is 2041 or earlier, this is an 8-byte TOD format field. If the year is later than 2041, this is the first 8 bytes of an ETOD format field. If the first byte is greater than X'38', the date is in TOD format; otherwise it is in ETOD format. |
| CERTEND | 007 | 00 | 00 | 00000000 | 00 | | Date and time after which the certificate is not valid. If the year is 2041 or earlier, this is an 8-byte TOD format field. If the year is later than 2041, this is the first 8 bytes of an ETOD format field. If the first byte is greater than X'38', the date is in TOD format; otherwise it is in ETOD format. |
| CERTCT | 008 | 10 | 00 | 00000004 | 00 | Int | The number of certificates associated with this key ring. CERTCT is a repeat group that identifies the certificates associated with a key ring. CERTCT is used only with DIGTRING profiles. |
| CERTNAME | 009 | 80 | 00 | 00000000 | 00 | Char | The profile name of the certificate |
| CERTUSAG | 010 | 80 | 00 | 00000004 | 00 | Bin | Certificate usage in ring: X'00000000' – PERSONAL; X'00000001' – SITE; X'00000002' – CERTAUTH |
| CERTDFLT | 011 | 80 | 00 | 00000001 | 00 | Bin | Verifies if it is the default certificate: X'00' – Not the default; X'80' – The default |
| CERTSJDN | 012 | 80 | 00 | 00000000 | 00 | Bin | The subject name of the entity to whom the certificate is issued. This field is a BER-encoded format of the subject's distinguished name as contained in the certificate |
| CERTLABL | 013 | 80 | 00 | 00000000 | 00 | Char | Label associated with the certificate |
| CERTRSV1 | 014 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSV2 | 015 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSV3 | 016 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSV4 | 017 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSV5 | 018 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSV6 | 019 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSV7 | 020 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSV8 | 021 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSV9 | 022 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSVA | 023 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSVB | 024 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSVC | 025 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSVD | 026 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSVE | 027 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSVF | 028 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSVG | 029 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSVH | 030 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSVI | 031 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSVJ | 032 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTRSVK | 033 | 80 | 00 | 00000000 | 00 | | Reserved for IBM's use. |
| CERTPRVT | 034 | 00 | 00 | 00000004 | 00 | Bin | Associated key type: X'00000000' – No associated key; X'00000001' – PKCS DER-encoded; X'00000002' – ICSF token label; X'00000003' – PCICC label; X'00000004' – DSA; X'00000005' – ICSF public token label; X'00000006' – Reserved for IBM's use; X'00000007' – NIST ECC key; X'00000008' – Brainpool ECC key; X'00000009' – NIST ECC token label in PKDS; X'0000000A' – Brainpool ECC token label in PKDS; X'0000000B' – RSA token label in TKDS; X'0000000C' – NIST ECC token label in TKDS; X'0000000D' – Brainpool ECC token label in TKDS |
| CERTPRVS | 035 | 00 | 00 | 00000004 | 00 | Int | Private key size in bits |
| CERTLSER | 036 | 00 | 00 | 00000008 | 00 | Bin | The low order 8 bytes of the last certificate that was signed with this key. This field is used with DIGTCERT profiles only |
| RINGSEQN | 037 | 00 | 00 | 00000004 | 00 | Int | Ring change count |

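
The TOD/ETOD rule given for CERTSTRT and CERTEND can be applied as follows; this is an added example, not IBM code. It assumes the standard z/Architecture clock layout (epoch 1900-01-01, bit 51 of the 64-bit TOD value ticking once per microsecond, ETOD being the same value shifted right by one byte) and ignores leap seconds; the function names are the example's own.

```python
from datetime import datetime, timedelta, timezone

TOD_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)

def decode_cert_time(raw: bytes) -> datetime:
    """Decode an 8-byte CERTSTRT/CERTEND value using the X'38' first-byte rule."""
    if len(raw) != 8:
        raise ValueError("CERTSTRT/CERTEND values are 8 bytes")
    value = int.from_bytes(raw, "big")
    if raw[0] > 0x38:
        # TOD format: bit 51 is the microsecond bit, so drop the low 12 bits.
        micros = value >> 12
    else:
        # First 8 bytes of ETOD: one extension byte in front of the TOD value,
        # so the microsecond bit sits 8 positions lower; drop the low 4 bits.
        micros = value >> 4
    return TOD_EPOCH + timedelta(microseconds=micros)

def validity_state(certstrt: bytes, certend: bytes, now: datetime) -> str:
    """Classify a certificate against its stored validity window."""
    start, end = decode_cert_time(certstrt), decode_cert_time(certend)
    if end < start:
        raise ValueError("CERTEND precedes CERTSTRT")
    if now < start:
        return "not-yet-valid"
    if now > end:
        return "expired"
    return "valid"

if __name__ == "__main__":
    # Constructed sample: the TOD clock value for 1970-01-01T00:00:00Z.
    print(decode_cert_time(bytes.fromhex("7D91048BCA000000")).isoformat())
```

Decoding both fields with the TOD shift alone would place any certificate whose validity ends after 2041 decades in the past, which an expiry report would then misclassify.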
The following is the TME segment of the GENERAL template.

| Field name | Field ID | Flag 1 | Flag 2 | Field length (decimal) | Default value | Type | Field being described |
| --- | --- | --- | --- | --- | --- | --- | --- |
| TME | 001 | 00 | 00 | 00000000 | 00 | | Start of segment fields |
| PARENT | 002 | 00 | 00 | 00000000 | 00 | Char | Parent name |
| CHILDN | 003 | 10 | 00 | 00000004 | 00 | Int | Count of children |
| CHILDREN | 004 | 80 | 00 | 00000000 | 00 | Char | Child names |
| RESN | 005 | 10 | 00 | 00000004 | 00 | Int | Count of resource-access specifications |
| RESOURCE | 006 | 80 | 00 | 00000000 | 00 | | Resource-access specifications |
| GROUPN | 007 | 10 | 00 | 00000004 | 00 | Int | Count of groups |
| GROUPS | 008 | 80 | 00 | 00000008 | 00 | | Group names |
| ROLEN | 009 | 10 | 00 | 00000004 | 00 | Int | Count of role-access specifications |
| ROLES | 010 | 80 | 00 | 00000000 | 00 | Char | Role-access specifications |

The following is the KERB segment of the GENERAL template.

| Field name | Field ID | Flag 1 | Flag 2 | Field length (decimal) | Default value | Type | Field being described |
| --- | --- | --- | --- | --- | --- | --- | --- |
| KERB | 001 | 00 | 00 | 00000000 | 00 | | Start of segment fields |
| KERBNAME | 002 | 00 | 00 | 00000000 | 00 | Char | Kerberos realm name |
| MINTKTLF | 003 | 00 | 00 | 00000000 | 00 | Char | Minimum ticket life |
| MAXTKTLF | 004 | 00 | 00 | 00000000 | 00 | Char | Maximum ticket life |
| DEFTKTLF | 005 | 00 | 00 | 00000000 | 00 | Char | Default ticket life |
| SALT | 006 | 00 | 00 | 00000000 | 00 | Char | Current key salt |
| ENCTYPE | 007 | 00 | 00 | 00000000 | 00 | Char | Encryption type |
| CURKEYV | 008 | 00 | 00 | 00000000 | 00 | Char | Current key version |
| CURKEY | 009 | 00 | 00 | 00000000 | 00 | Char | Current DES key |
| PREVKEYV | 010 | 00 | 00 | 00000000 | 00 | Char | Previous key version |
| PREVKEY | 011 | 00 | 00 | 00000000 | 00 | Char | Previous DES key |
| ENCRYPT | 012 | 00 | 00 | 00000004 | 55 | Char | Encryption type |
| CHKADDRS | 013 | 00 | 00 | 00000001 | 00 | Char | Check addresses flag |

The following is the PROXY segment of the GENERAL template.

| Field name | Field ID | Flag 1 | Flag 2 | Field length (decimal) | Default value | Type | Field being described |
| --- | --- | --- | --- | --- | --- | --- | --- |
| PROXY | 001 | 00 | 00 | 00000000 | 00 | | Start of segment fields |
| LDAPHOST | 002 | 00 | 00 | 00000000 | 00 | Char | LDAP server URL; maximum length: 1023 |
| BINDDN | 003 | 00 | 00 | 00000000 | 00 | Char | Bind distinguished name; maximum length: 1023 |
| BINDPW | 004 | 00 | 08 | 00000000 | 00 | Char | Bind password; maximum length: 128 |
| BINDPWKY | 005 | 00 | 08 | 00000071 | 00 | Char | Bind password mask or encrypt key |

The following is the EIM segment of the GENERAL template.

| Field name | Field ID | Flag 1 | Flag 2 | Field length (decimal) | Default value | Type | Field being described |
| --- | --- | --- | --- | --- | --- | --- | --- |
| EIM | 001 | 00 | 00 | 00000000 | 00 | | Start of segment fields |
| DOMAINDN | 002 | 00 | 00 | 00000000 | 00 | Char | EIM Domain Distinguished Names |
| OPTIONS | 003 | 00 | 00 | 00000004 | 55 | Char | EIM Options |
| LOCALREG | 004 | 00 | 00 | 00000000 | 00 | Char | Local Registry Name |
| KERBREG | 005 | 00 | 00 | 00000000 | 00 | Char | Kerberos Registry Name |
| X509REG | 006 | 00 | 00 | 00000000 | 00 | Char | X509 Registry Name |

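The following is the ALIAS segment of the GENERAL template.

| Field name | Field ID | Flag 1 | Flag 2 | Field length (decimal) | Default value | Type | Field being described |
| --- | --- | --- | --- | --- | --- | --- | --- |
| ALIAS | 001 | 00 | 00 | 00000000 | 00 | | Start of segment fields |
| IPLOOK | 002 | 00 | 10 | 00000016 | 00 | Bin | IP lookup value |
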
The following is the CDTINFO segment of the GENERAL template.

| Field name | Field ID | Flag 1 | Flag 2 | Field length (decimal) | Default value | Type | Field being described |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CDTINFO | 001 | 00 | 00 | 0 | 0 | | Start of segment fields |
| CDTPOSIT | 002 | 00 | 00 | 4 | FF | Int | POSIT number for class |
| CDTMAXLN | 003 | 00 | 00 | 1 | 8 | Int | Maximum length of profile names |
| CDTMAXLX | 004 | 00 | 00 | 4 | FF | Int | Maximum resource or profile name length when using ENTITYX |
| CDTDFTRC | 005 | 00 | 00 | 1 | 4 | Int | Default return code |
| CDTKEYQL | 006 | 00 | 00 | 4 | 0 | Int | Number of key qualifiers |
| CDTGROUP | 007 | 00 | 00 | 8 | 0 | Char | Resource grouping class name |
| CDTMEMBR | 008 | 00 | 00 | 8 | 0 | Char | Member class name |
| CDTFIRST | 009 | 00 | 00 | 1 | X'C0' | Bin | Character restriction for first character of profile name. X'80' = Alphabetic; X'40' = National; X'20' = Numeric; X'10' = Special |
| CDTOTHER | 010 | 00 | 00 | 1 | X'C0' | Bin | Character restriction for characters of the profile name other than the first character. X'80' = Alphabetic; X'40' = National; X'20' = Numeric; X'10' = Special |
| CDTOPER | 011 | 00 | 00 | 1 | X'00' | Bin | Operations attribute considered. X'80' = RACF considers OPERATIONS attribute |
| CDTUACC | 012 | 00 | 00 | 1 | X'01' | Bin | Default UACC. X'80' = ALTER; X'40' = CONTROL; X'20' = UPDATE; X'10' = READ; X'08' = EXECUTE; X'04' = UACC from ACEE; X'01' = NONE |
| CDTRACL | 013 | 00 | 00 | 1 | X'00' | Bin | SETROPTS RACLIST. X'00' = RACLIST disallowed; X'80' = RACLIST allowed; X'40' = RACLIST required |
| CDTGENL | 014 | 00 | 00 | 1 | X'00' | Bin | SETROPTS GENLIST. X'80' = GENLIST allowed |
| CDTPRFAL | 015 | 00 | 00 | 1 | X'80' | Bin | Profiles allowed. X'80' = Profiles are allowed |
| CDTSLREQ | 016 | 00 | 00 | 1 | X'00' | Bin | Security labels required. X'80' = Security labels are required |
| CDTMAC | 017 | 00 | 00 | 1 | X'80' | Bin | Mandatory access checking (MAC) processing. X'80' = Normal mandatory access checks; X'40' = Reverse mandatory access checks; X'20' = Equal mandatory access checks |
| CDTSIGL | 018 | 00 | 00 | 1 | X'00' | Bin | ENF Signal. X'80' = ENF signal to be sent |
| CDTCASE | 019 | 00 | 00 | 1 | X'00' | Bin | Case of profile names. X'00' = Uppercase; X'80' = ASIS - preserve case |
| CDTGEN | 020 | 00 | 00 | 1 | X'80' | Bin | SETROPTS GENERIC. X'80' = GENERIC allowed |

The following is the ICTX segment of the GENERAL template.

| Field name | Field ID | Flag 1 | Flag 2 | Field length (decimal) | Default value | Type | Field being described |
| --- | --- | --- | --- | --- | --- | --- | --- |
| ICTX | 001 | 00 | 00 | 00000000 | 00 | | Start of segment fields |
| USEMAP | 002 | 00 | 00 | 00000001 | 80 | Bin | Application supplied mapping. X'80' = Use the mapping |
| DOMAP | 003 | 00 | 00 | 00000001 | 00 | Bin | Identity cache mapping. X'80' = Do the mapping |
| MAPREQ | 004 | 00 | 00 | 00000001 | 00 | Bin | X'80' = Mapping is required |
| MAPTIMEO | 005 | 00 | 00 | 00000002 | 00 | Int | Mapping timeout adjustment |

The following is the CFDEF segment of the GENERAL template.

| Field name | Field ID | Flag 1 | Flag 2 | Field length (decimal) | Default value | Type | Field being described |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CFDEF | 001 | 00 | 00 | 0 | 0 | | Start of segment fields for defining custom field attributes |
| CFDTYPE | 002 | 00 | 00 | 1 | 01 | Bin | Data type for custom field: 01 - character; 02 - numeric; 03 - flag; 04 - hex |
| CFMXLEN | 003 | 00 | 00 | 4 | FF | Int | Maximum field length |
| CFMXVAL | 004 | 00 | 00 | 4 | FF | Int | Maximum numeric value |
| CFMNVAL | 005 | 00 | 00 | 4 | FF | Int | Minimum numeric value |
| CFFIRST | 006 | 00 | 00 | 1 | 00 | Bin | First character restrictions: 01 - alpha; 02 - alphanum; 03 - any; 04 - nonatabc; 05 - nonatnum; 06 - numeric |
| CFOTHER | 007 | 00 | 00 | 1 | 00 | Bin | Other character restrictions: 01 - alpha; 02 - alphanum; 03 - any; 04 - nonatabc; 05 - nonatnum; 06 - numeric |
| CFMIXED | 008 | 20 | 00 | 1 | 00 | Bin | If bit 0 is on, mixed case is allowed |
| CFHELP | 009 | 00 | 00 | 00 | 00 | Char | Help text; maximum length = 255 |
| CFLIST | 010 | 00 | 00 | 00 | 00 | Char | List heading text; maximum length = 40 |

The following is the SIGVER segment of the GENERAL template.

| Field name | Field ID | Flag 1 | Flag 2 | Field length (decimal) | Default value | Type | Field being described |
| --- | --- | --- | --- | --- | --- | --- | --- |
| SIGVER | 001 | 00 | 00 | 0 | 0 | | Start of segment fields |
| SIGREQD | 002 | 00 | 00 | 1 | 0 | Bin | Module must have a signature: X'80' = Yes; X'00' = No |
| FAILLOAD | 003 | 00 | 00 | 1 | 0 | Bin | Loader failure conditions: X'80' = Bad signature only; X'40' = Any failing signature condition; X'00' = Never |
| SIGAUDIT | 004 | 00 | 00 | 1 | 0 | Bin | RACF audit conditions: X'80' = Bad signature only; X'40' = Any failing signature condition; X'20' = Success; X'01' = All; X'00' = None |

The following is the ICSF segment of the GENERAL template.

| Field name | Field ID | Flag 1 | Flag 2 | Field length (decimal) | Default value | Type | Field being described |
| --- | --- | --- | --- | --- | --- | --- | --- |
| ICSF | 01 | 00 | 00 | 00000000 | 00 | | Start of segment fields for defining ICSF attributes |
| CSFSEXP | 02 | 00 | 00 | 00000001 | 00 | Bin | Symmetric key export option: X'80' = BYLIST; X'40' = BYNONE; X'00' = BYANY |
| CSFSKLCT | 03 | 10 | 00 | 00000004 | 00 | Int | Count of PKDS labels |
| CSFSKLBS | 04 | 80 | 00 | 00000000 | 00 | Char | PKDS labels that might be used to export this symmetric key |
| CSFSCLCT | 05 | 10 | 00 | 00000004 | 0 | Int | Count of certificate labels |
| CSFSCLBS | 06 | 80 | 00 | 00000000 | 00 | Char | Certificate labels that might be used to export this symmetric key |
| CSFAUSE | 07 | 00 | 00 | 00000004 | 55 | Bin | Asymmetric key usage. In byte 3: X'08' = NOSECUREEXPORT; X'04' = SECUREEXPORT; X'02' = NOHANDSHAKE; X'01' = HANDSHAKE |
| CSFSCPW | 08 | 00 | 00 | 00000001 | 00 | Bin | Symmetric key CPACF wrap. X'80' = YES; X'00' = NO |