Zabezpieczony: iSeries i5/OS: Top 10 Q&As

Treść jest chroniona. Proszę podać hasło:

Hasło:

iSeries authority – how the system checks it

When a user attempts to perform an operation on an object, the system verifies that the user has adequate authority for the operation. The system first checks authority to the library or directory path that contains the object. If the authority to the library or directory path is adequate, the system checks authority to the object itself. In the case of database files, authority checking is done at the time the file is opened, not when each individual operation to the file is performed.

During the authority-checking process, when any authority is found (even if it is not adequate for the requested operation) authority checking stops and access is granted or denied. The adopted authority function is the exception to this rule.

Adopted authority can override any specific (and inadequate) authority found.

The system verifies a user’s authority to an object in the following order:

1. Object’s authority – fast path

2. User’s *ALLOBJ special authority

3. User’s specific authority to the object

4. User’s authority on the authorization list securing the object

5. Groups’ *ALLOBJ special authority

6. Groups’ authority to the object

7. Groups’ authority on the authorization list securing the object

8. Public authority specified for the object or for the authorization list securing the object

9. Program owner’s authority, if adopted authority is used

Authority from one or more of the user’s groups may be accumulated to find sufficient authority for the object being accessed.

IPL types and modes; Front Panel Keys Configuration

The IPL types and modes are:
 A M       Performs a Manual IPL from the A side of the disk.  This mode may be

              used when applying or removing Licensed Internal Code (LIC) PTFs.

              It can also be used to power off the system.
              Use this type and mode only under the direction of your support

              representative.
  A N       Performs a Normal IPL from the A side of the disk.
              This mode should only be used when B N does not work and you are

              told to do so by your support representative.
  B M       Performs a Manual IPL from the B side of the disk.  This mode should

              only be used when an attended IPL must be performed or you need to

              power off the system.  This type of IPL is used when you need to change

              the system date and time permanently.
  B N       Performs a normal IPL from the B side of the disk.  This is the type

              and mode used most of the time.  It is also the mode the system must

              be in if you want to do an unattended IPL.
  C M       Allows service representatives to perform a special IPL.  This mode

              is for use only by service representatives.  Never IPL in this type

              and mode.
  C N       Allows service representatives to perform a special IPL.  This mode

              is for use only by service representatives.  Never IPL in this type

              and mode.
  D M       Performs a manual IPL from either CD-ROM or tape.  This mode is used

              to install Licensed Internal Code and the OS/400 operating system in

              attended mode.  This is the most often used IPL type and mode for

              installation.
  D N       Performs a normal IPL from either CD-ROM or tape.  This mode is used

              to install Licensed Internal Code and the OS/400 operating system in

              unattended mode.
  Manual    When the mode is set to Manual (M), the system allows you to do all

               manual IPLs, such as an operator-attended IPL from disk, CD-ROM or tape.

               Manual mode also allows you to do some manual control functions, such

               as selecting an IPL type and mode or displaying the kind of IPL that

               the system is set to run. However, in manual mode, you cannot do a

               remote IPL, an IPL by date and time, or an IPL after a power failure.
               Note:  You should set the mode to Manual only when it is necessary.

               This ensures that no one accidentally presses the Power pushbutton

               and causes the system to stop.
  Normal    The Normal mode allows you to turn the power on and then automatically

               start the system in any of the following ways:
               IPL remotely
               IPL by date and time
               IPL after a power failure
            Note:  Your system should be in Normal mode most of the time.

Links

ODBC Exit Pgm
http://www.geocities.com/~alex_nubla/extdbse.txt

TCP/IP

Kliknij, aby uzyskać dostęp rzaku.pdf

20 FTP tips
http://search400.techtarget.com/featuredTopic/0,290042,sid3_gci1000082,00.html

Software Knowledge Base
http://www-912.ibm.com/s_dir/slkbase.nsf/slkbase

Primary Group
http://publib.boulder.ibm.com/infocenter/systems/topic/rzarl/rzarlspcfauth.htm?tocNode=int_63970
http://publib.boulder.ibm.com/infocenter/systems/index.jsp?topic=/rzarl/rzarlcasepgp.htm

Tommy’s Home Page
http://tommyholden.com/downloads/index.html

TYLOGIX Reference Links
http://www.tylogix.com/TYLOGIX%20Main%20Directory/TYLOGIX_Reference.htm
http://www.tylogix.com/TYLOGIX%20Main%20Directory/TYLOGIX_Managing.htm

AS400Pro.com Welcome AS/400 – i5 – iSeries Professionals
http://www.as400pro.com/index
http://www.as400pro.com/tipListInq/category/FTP

Yet Another Way to Build CSV Files

IBM i PTF Guide

IBM i PTF Guide

IBM i PTF Guide

FTP

Kliknij, aby uzyskać dostęp rzaiq.pdf

ftp to prtf http://www.itjungle.com/mgo/mgo121003-story02.html

System Job Tables

IBM i PTF Guide

iSeries (AS/400) Programming Tips Tips, Techniques and Articles

iSeries (AS/400) Programming Tips Tips, Techniques and Articles

http://www.as400pro.com/tipListInq/category/ProgTips/

Fix Central, Service Pack

iSeries Access for Windows Service Packs:
http://www-03.ibm.com/servers/eserver/iseries/access/casp.html

Recommended fixes:
http://www-912.ibm.com/s_dir/slkbase.nsf/recommendedfixes?openagent&rel=V5R3M0#topics

Fix Central:
http://www-912.ibm.com/eserver/support/fixes/fixcentral

Fixes:
http://www-304.ibm.com/jct01004c/systems/support/i/fixes/index.html

Logger program

Command: CALL LOGGER PARM(LOG TEXT)
LOG - PF

      A          R LOGRECORD

      A            TEKST         25          COLHDG('TEKST')

      A            TIMESTMP        Z         COLHDG('TIMESTAMP')                            
LOGGER - PGM
 FLOG       O  A E             DISK

 DTYPEIN           S             35

 C     *ENTRY        PLIST

 C                   PARM                    TYPEIN

 C                   Eval      timestmp = %timestamp()

 C                   Eval      TEKST = TYPEIN

 C                   Write     LOGRECORD

 C                   Eval      *INLR = *ON  

Disk space cleanup

http://archive.midrange.com/midrange-l/200111/msg01582.html

I went to IBM school on some of this eons ago but was able to find my notes & extract some pieces of information that might be helpful.
  I have NOT yet tried all these ideas, some of which may be a bit controversial.  There is also the topic of when it is best to schedule some things that can take a loooong time during which no one else able to use the 400.

Useful Commands
---------------------------
Some of these mentioned earlier in this thread
You do know about wild cards? ... key in part of a command with an asterisk
on the end & see list of all commands that start that way ... e.g. DSPF*
Also you know that GO CMDxxx will get you a menu of all commands that contain
the string xxx for example GO CMDSPLF
There are some other key menus & you can get at the big picture via GO MAJOR
or GO ASSIST

CLROUTQ QEZJOBLOG
CPROBJ
DSPJOBTBL
DSPSYSSTS
GO DBMON
GO CMDDSK
GO CLEANUP
GO PROBLEM
WRKDSKSTS
WRKOUTQ
WRKPRB
WRKSYSSTS
WRKUSRJOB *ALL

Key System Values
----------------------------- WRKSYSVAL
QPFRADJ
QPRBHLDITV
QRCLSPLSTG
There's lots more, but these are ones that I think might be relevant to this
thread

Clean Up
-------------
GO CLEANUP program is called QEZUSRCLNP if you want to add function

Computer Manage Itself
-----------------------------------
WRKSYSVAL QPFRADJ then F1 then ask folks here to explain this
This value is discussed in Chapter 14 of Work Management Manual

Data Access Optimization
--------------------------------------
GO DBMON
do not start this then go to lunch - it collects a lot of info in a short time, and is itself resource intensive in gathering the info - 
 someone might have done this in the past & led to disk space consumption ...
 intention is to use Query or SQL to study the data to optimize performance of how we do things.

Disk Objects Inventory
--------------------------------
Do you have artifacts left over from some implementation or conversion effort
that might not be needed anymore?
We have source code on all our software, but there are thousands of programs,
thousands of DDS, thousands of other things ... the odds are that I might
need to access a hundred of these in like the next year, I just do not know
which hundred.
CPROBJ compresses objects that must be on system for those rare times that
someone does need to use them, but in fact are rarely accessed such as source
programs ... think of CPROBJ as being like ZIP/400

Disk Status
-----------------
WRKDSKSTS
each unit should be less than 50% busy - if over 70% we need to use
performance tuning to balance our files

Performance is enhanced if data "balanced" across different hard disks
V4R3 added DSKBAL (via PTF for earlier V's) to do this at IPL time (I betcha
that takes a looong time) V4R4 enhanced this.  See News/400 Dec 1999 tips.

File Size Fluctuation
------------------------------
Files Grow in disk space consumption to accommodate  requirements of the
data, up to some limits that may need periodic review (DSPFD to *OUTFILE &
query compare current capacity with ceiling capacity) but as I get around to
cleaning out dead records, those files are still eating the disk space needed
when their content was inflated, so there may be a need to check & see if
some files have excess capacity, wasting disk space

IPLs
-------
IBM Hardware & OS/400 improvements mean that doing an IPL becomes less & less
useful or neccessary, but there are a few things it does that may be relevant
to helping your situation, with respect to helping you clean up stuff.

For example, if you have some large system logs, IPL ends them all & restarts
them, then you go delete your system logs.  There are some work areas whose
disk space gets cleaned up.

Do you need to IPL?
Look at WRKSYSSTS (all kinds of commands)
What % addresses used? ... if 70-80% you need IPL
What's your % disk space used? ... the higher it gets the more often smart to
IPL

Job Logs
-------------
WRKOUTQ - get list of output queues - scroll & find joblogs
You can delete all joblogs in one command
14 - clear an outq
You do not want to delete the outq
so do not get confused what the options do

I have put CLROUTQ QEZJOBLOG on a menu for purpose of doing this after backup
& after a WRKOUTQ review to see if I need to keep any ... typically I kill
several hundred a day after moving 1-2 a week to another Q for study.

WRKF QHST*
How many do you have?
We have 4 days worth

Message Queues
--------------------------
When full they get extended (more disk space)
When empty they as big as they ever get
to make them smaller you can delete & recreate

Performance Monitoring
----------------------------------
Are there objects y"all finished with?
LIB QPFRDATA

Reclaim Storage
------------------------
If you run RCLSTG reclaim storage, afterwards DSP QRCL & QReclaim directory
to check out the stuff that Reclaim did not know what to do with

Reports clogging Spool
----------------------------------
WRKUSRJOB *ALL & F4 ... try different mixes ... see which users most prone to
leave reports open.

When locating & clearing ancient reports, I favor the end users doing this,
but sometimes they say "Al it is Ok for you to kill ......" certain
categories of stuff, like say file maintenance audit trails that are over a
week old.
I most comfortable with WRKSPLF _______ (name of user) which gets at
everything for that one person where I can put 4-delete in front of many
lines at one time

If you want to have a CL to do some repetitive kills of ancient reports,
check out
CHGSPLFA Change Spool File Attributes
*SELECT lets us select all reports that match criteria such as
USER (name, *CURRENT or *ALL)
PRINTER (specific OUTQ, *ALL)
FORM TYPE (specific or *ALL)
User Data field (specific or *ALL)
so for example, with one command string we can move 100% of one person's
reports from one OUTQ to another or change # copies or save after printing &
etc.

Check the archives for info about shareware to do stuff like killing all
spool file entries that are over some date age for a selected list of users
with some other exceptions

You know when you do display job information on people prior sessions that
created unprinted reports?  There is a certain amount of 400 baggage to keep
track of all that.  It is not just number pages.  If people really need to
keep reports on spool, you might want to explore ways to get that report data
into some other form that gets saved without tying up 400 jobs.

DSPJOBTBL shows how much space has been allocated for keeping track of
multiple jobs on the system & how much of that has been consumed so far.

    From a performance standpoint it is better to not be slowing people down by

the system creating new jobs a lot, as opposed to reusing them, but you also
might not want this sort of thing accumulating indefinitely.  This is a big
subject to understand ... currently I have our values set at what I think is
reasonable, with IPL clearing out some accumulation.

If you have had large #s of deleted spool files, reclaim space via system
value QRCLSPLSTG or perhaps after heavy printing activity such as end-month
do RCLSPLSTG

Security Auditing
-------------------------
Are you doing this?

System Problems
--------------------------
GO PROBLEM & WRKPRB
default shows current list
99% of OUR problems shown here are idiot events outside IBM relevance such as
PC goes down & IBM thinks there may be a hardware problem, or ma bell goes
goes down in weather front & IBM thinks there may be a hardware problem, so
all these incidents get opened that we know are not in IBM hardware & I want
to delete them but they are more days than system value QPRBHLDITV allows so
I need to lower this value to get rid of the garbage then raise it again in
case we ever do have a hardware problem that is IBM

Threads Other
--------------------
See recent midrange-L thread on "deleting logical files"
I may be approaching diminishing returns on my own effort to clean up our
disk space, once I complete the stuff I know needs to be done.

Configuring iSeries NetServer for Kerberos authentication

Configuring for kerberos Authentication

The iSeries Network Authentication Service (NAS) provides kerberos V5 authentication for the iSeries. Kerberos authentication support for iSeries NetServer uses NAS and Enterpise Identity Mapping (EIM) to allow users to sign on once and be authenticated to many iSeries NetServers. This reduces the number of passwords that users need to remember and provides the benefit of reduced password administration.
Setting up a kerberos authentication scheme involves configuring the iSeries, iSeries NetServer and a Windows based Key Distribution Center (KDC). To successfully configure the 3 pieces of the kerberos environment you will need to develop an understanding of how kerberos authentication works. The iSeries Information Center (http://publib.boulder.ibm.com/pubs/html/as400/v5r1/ic2924/index.htm) provides a complete description of the NAS and EIM. Consult the Information Center before attempting to configure iSeries NetServer for kerberos authentication.
This chart shows the high level steps required to configure iSeries NetServer for kerberos authentication.

1. Install the required iSeries software products.
5722-AC3 Crypto Access Provider 128-bit for AS/400
2. Install and configure a Windows 2000 Server to act as the Key Distribution Center(KDC) for your network.
This Server will be the source of the kerberos tickets within your environment.
3. Synchronize the clocks of the iSeries and the KDC.
Kerberos tickets are time sensitive, so the clocks on all systems in the network must be synchronized.
4. Create USER accounts on the KDC for all users and iSeries principles that will need a
kerberos ticket.
5. Make sure Lightweight Directory Access Protocol (LDAP) is configured and active.
Use the iSeries Navigator LDAP Configuration Wizard if LDAP is not already active.
6. Configure the Network Authentication Service on the iSeries
Use iSeries Navigator NAS Configuration Wizard to configure this service.
7. Configure an Enterprise Identity Mapping (EIM) domain on the iSeries.
Configure a single EIM domain controller for your entire network.
8. Change the iSeries NetServer Authentication Method to *kerberos.
Use iSeries Navigator to change the iSeries NetServer Properties.
NOTE: When configured for kerberos authentication, only kerberos capable clients can connect to iSeries NetServer.
9. Map a Network Drive from a kerberos capable client (Windows 2000 or XP) to a configured iSeries NetServer share.

Frank Soltis, Father of AS/400, Retires from IBM

http://www.mcpressonline.com/analysis/analysis-of-news-events/frank-soltis-father-of-as/400-retires-from-ibm.html

Soltis’ views on system architecture and his unique approach to protecting business software assets led to the most successful commercial computer platform in history.

The man known as the father of the System i and today’s Power Systems retired from IBM last week after 40 years with the company. Creative, outspoken, and honest about the science he followed in researching ways to perfect the most successful commercial computer platform of all time, Frank Soltis leaves his post as chief scientist for what today is still known in the hallways of Rochester as the AS/400.

„I certainly could not have asked for a better career for the last 40 years,” says Soltis. „It’s been great…. When I started here in Rochester and was working on the design of what was to become the S/38, I never, never, never anticipated that years later I would be working on essentially the same product.”

Soltis says the value of the design that he, Roy Hoffman, and the late Dick Bains came up with is its ability to protect one of businesses’ greatest assets: its existing software.

„This is one of the few systems that was really designed for businesses exclusively,” Soltis said during an interview with MC Press Online. „It never was intended to be anything else. And the major asset that businesses have–from a computer standpoint–are their applications. As long as you can protect those applications and not force anybody to change, that’s the value of it.”

One of the unique characteristics of the AS/400, now IBM i running on Power Systems, is its flexibility in allowing changes in the underlying hardware without forcing a rewrite of the applications afterward. Applications that ran on the S/38 years ago still work on Power Systems today. The underlying architecture behind that feature is the Technology Independent Machine Interface (TIMI).

Soltis says the solution was not one he and his team arrived at without trial and error. It was the result of trying to build an interpretive machine and concluding that it would have to be a compiled interface instead.

„I wanted to prototype a high-level-language machine,” says Soltis, recounting how the basic architecture of the S/38 came to pass. The idea was in vogue at a number of universities around the country. „In the lab, I was working with a couple of young engineers who put it together for me. I designed a machine, a computer system that directly implemented RPG. Now, at the time, I felt that it should be built in software, not in hardware…. We had an interpretive execution of RPG. That taught me that was not the way to go. The right approach, rather than direct interpretation of this interface, was actually to compile it down into an internal interface–and then execute that.

„That really formed the basis of what became the S/38. I also discovered that picking a high-level language was the wrong approach. What you really needed was a broader interface that could deal with languages, could deal with other utilities–what we call middleware today. That was really the beginning of what we talk about today as MI, or what became known as the Technology Independent Machine Interface.”

Soltis says the idea behind objects on the S/38 came from his assignment to work with the Future Systems Task Force, an IBM task force charged with coming up with a replacement for the S/370. The group seemed to wrangle for months, making little progress because of philosophical differences among members, and Soltis eventually was recalled to Rochester due to an imminent restructuring of the company.

„One of the things that was great about that task force,” Soltis recalls, „is that there were certain things that we could steal. One of the things that was blatantly stolen from Future Systems was the concept of objects.” While mildly dramatic, the comment understates Soltis’ prior interest in and work with objects during his studies at Iowa State University while researching virtual memory.

The other unique feature of the S/38 and subsequent platforms is the single-level store, or the idea that all storage on the computer is a single plane of addresses pointing to pages in both primary and secondary storage. Soltis says his underlying concept, however, was that everything in the system could be virtualized, not just storage. Soltis explored and expanded upon the idea in his PhD thesis and then brought the concept back to IBM after earning his degree during an educational leave.

Soltis recalls with nostalgia the work that he, Bains, and Hoffman did on the S/38 and subsequent platforms over the years. He credits Bains with making the platform viable by refining the compiler technology to the point where the system’s performance was acceptable, given the limited processing capacity available in the 1970s. That Bains suddenly died of heart failure within just weeks of Soltis’ retirement stands as an ironic reminder of how much time has passed since the three men began their career-long quest to perfect what some believe is the ideal business computer.

Asked what he sees coming down the ever-changing road bringing new technology, Soltis reiterates his belief that it includes a new operating system or operating system extensions, or a new programming language or extensions to existing languages. The reason? Rapidly advancing multi-processor technology is making today’s programming tools obsolete. It’s one thing to try to program applications to run on two or four processors but quite another when there are hundreds or even thousands of processors running at the same time. The current solution of programming threaded applications just isn’t going to scale, says Soltis.

„Certainly, the direction we’re being encouraged to go today with programming applications that are purely threaded has a limit, and we’re going to hit that limit before too long,” says Soltis. „I don’t have any problem with multi-threaded processors. Since the first one in 1998, we’ve been using them for some time. But it’s not going to scale.”

Soltis says the future can be found in the programming approaches taken with super computers and, ironically, computer game consoles that use dissimilar, multiple processors all working together.

„Granted, the Cell chip today is pretty much used for multimedia purposes–special-purpose processors for…video and other kinds of things. But as we go into the future, we’re going to see designs similar to that, where the special processors are actually supporting business applications.” Functions that are needed to run a database more efficiently or handle TCP/IP in hardware are being handled separately today, and „these [new approaches] have to be reflected in the applications and the way we design them and implement [them],” Soltis says.

Such challenges and the need for new approaches to utilize the extreme power found in tomorrow’s processor technology will continue to present opportunities for the next generation of system architects, Soltis says. Anyone who believes everything that can be invented already has been invented isn’t looking deep enough into the opportunities that technology will present over the next decade, he says.

Good friends with many in the industry, Soltis intends to continue to keep his hand in the Power Systems world and already has agreed to work with several Business Partners and user groups on projects they have identified for 2009 and beyond. While those familiar with his iconoclastic presentations at COMMON may be lucky enough to hear him at a future event, his larger audience will consist of students at the University of Minnesota, where he plans to intensify his teaching schedule following a period of classroom restrictions imposed by work and travel.

If not in the classroom, however, Soltis says he likely can be found in his garage, working on assembling a collection of classic car parts that heretofore have been cluttering up the place and earning him a reputation for finishing tasks at home that belies the monumental reputation he achieved at IBM nurturing the world’s best business platform.