A fix is available
APAR status
Closed as new function.
Error description
DirMaint NICDEF Security Controls support
Local fix
N/A
Problem summary
**************************************************************** * USERS AFFECTED: All DirMaint users exploiting the new NICDEF * * Security Support. * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: APPLY PTF * **************************************************************** With the PTFs for APARs VM65925, VM65926 and VM65931, the NICDEF user directory statement is enhanced to provide a set of new operands referred to as Directory Network Authorization (DNA). With DNA, a system administrator can configure and consolidate a virtual NIC device and its network properties in a secure, centralized loccation - a z/VM User Diretory. The following new NICDEF operands are supported by DNA: o PORTNUMBER <portnum> o PORTTYPE ACCESS|TRUNK o VLAN <vidset> o PROMISCUOUS|NOPROMISCUOUS This APAR, VM65926, specifically adds the Directory Maintenance Facility (DirMaint) support to accept and process the new operands on the NICDEF user directory statement and allows them to be specified through either the DirMaint command line or menu interface. In addition, both the VLAN <vidset> and PROMISCUOUS/NOPROMISCUOUS values will now be passed to the NICDEF Notification user exit (DVHXNN) and/or the RACF Connector Exit (DVHRVN) when the exit(s) are enabled and the operands are specified.
Problem conclusion
Temporary fix
Comments
- For information on the syntax and values of the new operands for the DirMaint NICDEF command see: SC24-6188-06 z/VM: Directory Maintenance Facility Commands Reference - For information on the new parameters passed to the NICDEF Notification exit (DVHXNN) and/or the RACF Connector exit (DVHRVN) see: SC24-6190-06 z/VM: Directory Maintenance Facility Tailoring and Administration Guide - The default authorization for the NICDEF command has been changed from G (General) to A (Administration, non-DASD related). If you wish to change the default you will need to follow the instructions in the z/VM: Directory Maintenance Facility Tailoring and Administration Guide, Chapter 3. 'Tailoring the DIRMAINT Service Machine' under the heading: 'Overriding and Supplementing the DirMaint Commands'. - A new configuration option, RACF_RDEFINE_VSWITCH_LAN, determines whether or not a RACF profile (via RDEFINE) should be added for a virtual switch or guest LAN if one does not currently exist during an 'add' operation. The default is YES. To change the default you will need to update your CONFIGxx DATADVH or CONFIGRC DATADVH file specifying: RACF_RDEFINE_VSWITCH_LAN= NO For information on updating your CONFIGxx DATADVH or or CONFIGRC DATADVH file see the z/VM: Directory Maintenance Tailoring and Administration Guide, Chapter 3. 'Tailoring the DIRMAINT Service Machine' under the heading 'CONFIG DATADVH'. - Message DVH2209E has been updated and message DVH3898E has been added. For details see the z/VM: Directory Maintenance Facility Messages book. ×**** PE17/08/24 FIX IN ERROR. SEE APAR VM66065 FOR DESCRIPTION ×**** PE17/11/27 FIX IN ERROR. SEE APAR VM66097 FOR DESCRIPTION ×**** PE18/05/17 FIX IN ERROR. SEE APAR VM66163 FOR DESCRIPTION ×**** PE18/11/15 FIX IN ERROR. SEE APAR VM66227 FOR DESCRIPTION
APAR Information
APAR number
VM65926
Reported component name
IBM DIRMAINT-VM
Reported component ID
5749DVH00
Reported release
640
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / New Function / Xsystem
Submitted date
2016-10-28
Closed date
2017-07-27
Last modified date
2018-11-27
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UV61338
Modules/Macros
CONFIG CONFIGRC DVHADD DVHADZ DVHAEZ DVHBBXED DVHCHGID DVHGSDEV DVHMENUS DVHPURGE DVHREP DVHRLDD DVHRLN DVHRUN DVHRVN DVHUPDIR DVH2209 DVH3898 NICDEF 150ASERV 150AUSER 150CMDS
SC24618806 | GC24618905 | SC24619006 |
Fix information
Fixed component name
IBM DIRMAINT-VM
Fixed component ID
5749DVH00
Applicable component levels
R640 PSY UV61338
UP17/08/02 P 1701
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG27M","label":"APARs - z\/VM environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"640","Edition":"","Line of Business":{"code":"LOB16","label":"Mainframe HW"}}]
Document Information
Modified date:
27 November 2018