It's all about the answers!

Ask a question

bfagent - magic_login - configuration

Bernd van Oostrum (21724768) | asked Aug 23 '16, 11:23 a.m.
edited Aug 23 '16, 12:14 p.m. by Patrick Remington (2013)

I'm trying to configure the bfagent using the "magic_login"-property because the policy is not to use a minaframe user with adminstrative privileges.

I'm following these instructions:

To configure a login for the agent:
  1. Create a server authentication that uses a user name and password. In the Management Console, click Servers > Server Auth.
  2. For this example the user name is build and the password is MySecretPassword.
  3. Create a server that uses the agent. Associate the server authentication with this server in the Authentication field.
  4. Generate an encoded password for the agent. In the installation directory for the agent, run bfagent -P with the password that you choose.

Where and how can I access the management console of the Rational Build Engine installed on the mainframe (point 1)?


2 answers

permanent link
Bruce Green (30124) | answered Aug 23 '16, 12:33 p.m.
 Hello Bernd - 

I'm not sure where those steps 1-4 came from.  It seems like that is information related to configuring a build agent associated with Build Forge.  I am assuming you are trying to use this with RTC?

These links may be helpful :

The short overview for configuring the build agent is to either use the SBLZSAMP JCL member BLZCPBFA (or the RTC Configuration Utility) to generate configuration files for the build agent.  Then you can edit the generated bfagent.conf file to enable magic_login by using the bfagent executable to generate an encoded password (

Which version of RTC are you using?  We may have an alternative approach for you.

Bernd van Oostrum commented Aug 24 '16, 3:28 a.m.

Steps 1-4 came from this link:

"completing the installation and running the rational build agent on z/OS"

Starting the agent with administrative priviliges is not the issue. The problem is, the customer doesn't allow this for security/policy reasons.

If I understand the descriptions correctly, we can use the "magic_login" - property in bfagent.conf, but I'm not able to authenticate once it is up and running.

We're using RTC502.


permanent link
Bruce Green (30124) | answered Aug 24 '16, 9:59 a.m.
 Can you be more specific about not able to authenticate?  I assume this means "test connection".

A few questions -
a) is the userid under which the bfagent process is running a non UID 0 user?
b) was the password encoded under magic_login using "bfagent -P password" ?
c) Does the userid and password used on the test connection exactly match that which is encoded in the bfagent.conf?  (That is, this userid and password do not correspond to a RACF or z/OS userid and password but only need to match bfagent.conf).  
d) You can enable activity_log under bfagent.conf for some tracing to see if magic_login is being attempted.

Secondarily, we have an alternate/new bfagent executable that can provide full function and not run under superuser.  If you open a pmr and mention this forum append, we can see about getting you a test fix and such and ultimately an APAR / PTF if you are happy with the result.

Your answer

Register or to post your answer.