Summary of changes for z/OS Version 2 Release 4 (V2R4)
The following changes are made to z/OS Version 2 Release 4 (V2R4).
New
The following information is new.
- January 2021 refresh
-
- RACF has added support for a new enhanced PassTicket algorithm option. The original PassTicket algorithm is now referred to as legacy PassTickets.
- The General Resource SSIGNON Data Record (0530) is updated to add new fields for enhanced PassTickets. See General resource SSIGNON data record (0530)
- The Table of extended-length relocate section variable data is updated with new enhanced PassTicket information to existing relocate 443 and new relocate 67.
- The The JOBINIT record extension section is updated with new enhanced PassTicket fields.
- The The PassTicket evaluation (PTEVAL) record extension and The PassTicket generation (PTCREATE) record extension sections are updated with new relocate section 67.
-
The SSIGNON segment is updated with new fields for enhanced PassTickets. See General template for the RACF database.
- The following sections are updated with enhanced PassTicket information:
- The RACF PassTicket
- Generating and evaluating a PassTicket
- Using the RCVTPTGN service to generate a PassTicket
- How the PassTicket-generation service works
- Incorporating the PassTicket generator algorithm into your program
- Input data for the generator algorithms
- How the legacy PassTicket generator algorithm works
- How the legacy PassTicket time-coder algorithm works
- The legacy PassTicket permutation tables
- The legacy PassTicket translation process
- How the enhanced PassTicket generator algorithm works
- How the enhanced PassTicket time-coder algorithm works
- The enhanced PassTicket translation table
- How the enhanced PassTicket character conversion works
- December 2020 refresh
-
- Added data types for subtype 7 relocate. See Relocate sections.
- September 2020 refresh
-
- Event code dec(hex) 24(18) bit types 6 and 7 were updated with new descriptions. See Table of data type 6 command-related data.
- Prior to June 2020 refresh
-
- A new ACEECHK class has been added to the supplied class descriptor table. See Supplied class descriptor table entries.
- The following DATASET record formats have been added:
- See Table of event codes and event code qualifiers the following event code qualifiers have been added to the Type
80 event code 1 (RACINIT) Record:
- 44(2C) - IDTVALF - Identity Token validation error
- 45(2D) - IDTF - Identity Token Build error
- 46(2F) - INVIDT - Failed Identity Token authentication
- The Table of extended-length relocate section variable data is updated to add a new bit to indicate that authentication is from an Identity Token.
- How the PassTicket-generation service works has been updated to include a table of reason codes if a PassTicket is not produced.
- The entry for Application name (relocate 20) in the Table of relocate section variable data has been updated to include RACROUTE REQUEST=VERIFY and VERIFYX.
- The JOBINIT record extension was updated to reuse the former reserved field INIT_RESERVED_01 as INIT_RELO443_EXTENDED. In addition, 24 new field names have been added based on the new extended relocate section 443.
- The following general resource record formats have been added:
- The General template for the RACF® database has been updated to include a new table for the CSDATA segment fields and to update the CFDEF segment fields table. See General template for the RACF database.
- The Data set template for the RACF database has been updated to include a new table for the CSDATA segment fields. SeeData set template for the RACF database.
- Two new fields have been added to the User KERB data record. See User KERB data record (02D0).
- Two new fields have been added to the General Resource KERB data record. See General resource KERB data record (0580).
New RACF supplied classes to CDT
The following RACF supplied classes are new, see Supplied class descriptor table entries:
- Prior to October 2020 refresh
- ACEECHK
Changed
- Prior to June 2020 refresh
-
- APAR OA57159 changes the MAXLENX of the LOGSTRM class to 44. See Supplied class descriptor table entries.
- APAR OA57972 changes the MAXLENX of the CSFKEYS and CSFSERV classes to 246. See Supplied class descriptor table entries.
- APAR OA58500 updates inaccurate documentation for the RACF database unload utility (IRRDBU00) data set basic data record (0400). The DSBD_RESERVED_02 field has been documented and the length of the DSBD_RESERVED_01 field has been corrected. See Data set basic data record (0400).
- APAR OA57721 updates the MAXLENX field for JESJOBS in the supplied class descriptor table has been updated to 246. See Supplied class descriptor table entries.
- The following general resource record formats have been updated:
- The IRRXUTIL REXX interface is enhanced to allow retrieval of a general resource class definition from either the static or dynamic Class Descriptor Table (CDT). See IRRXUTIL: REXX interface to R_admin extract.
- The chapter "The RACF secured signon PassTicket" has been renamed to The RACF PassTicket.
- The topic "How the secure signon service works" has been renamed to How the PassTicket-generation service works.
- The topic "Invoking the secured signon service" has been renamed to Invoking the PassTicket-generation service.
Changed RACF supplied classes to CDT
The following RACF supplied classes have been updated, see Supplied class descriptor table entries:
- Prior to October 2020 refresh
- CRYPTOZ
Deleted
No content has been deleted in this edition.