On 12-Nov-2013 09:22 -0800, Matt Pryor wrote:
If I pass in QSECOFR with password in args 2 and 3, I get a
connection. If I pass in the user profile I'd like to run as
(TLXDRIVER) I get "general security error" ConnectionPoolException.
The first thing I would check is for Authority Failure conditions,
i.e. T-AF entries in the audit log, because the other user is unlikely
to have the *ALLOBJ Special Authority. Another test with that other
user temporarily having that special authority would confirm a lack of
authority to /a resource/ but not be helpful to determine to which
resource some\more authority is required... like the audit log would reveal.
The user id and password are valid (tested this by changing
them and got the expected error messages).
Not sure I understand what that means exactly. Signed on
interactively and used CHGPWD to test the "Current password" and to
reset to the "New password", or perhaps something else was done? What
/password level/ is in effect for the server; then, was the password of
the successful QSECOFR and the failing users effectively the same with
regard in both how they were formed and passed as arguments [as in case:
mixed, lower, upper]?
I infer that minimally, the intended implication is both that the
UsrPrf is both *ENABLED and that the password for the user is not expired?
This is only happening on one customer site, never been a problem
before. Can anyone point me in the right direction on what to
suggest to the customer? I wasn't aware that there was any
particular permissions required to allow a user profile to connect
via the java toolkit and the IBM FAQs don't really help much.
What is the link to the FAQ so we know what not to suggest? Perhaps?:
Can the user signon interactively [at a 5250 workstation session]
with that same password? Is the user properly authorized to itself and
to any [supplemental] group profiles? Was the auditing enabled for just
about everything, and the audit log checked for anything from just
before the time of [until just after] the connection [and failure]; at
least looking for T-AF and T-PW entries?
Is there an exit-program registered for the host Signon server
feature, that perhaps is rejecting that user [see WRKREGINF for the
As an Amazon Associate we earn from qualifying purchases.