331 lines
23 KiB
HTML
331 lines
23 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="DRDA application server security in an APPC network" />
|
||
|
<meta name="abstract" content="When the target server is an iSeries server, several elements are used together to determine whether a request to access a remote file is allowed or not." />
|
||
|
<meta name="description" content="When the target server is an iSeries server, several elements are used together to determine whether a request to access a remote file is allowed or not." />
|
||
|
<meta name="DC.subject" content="password, encrypted" />
|
||
|
<meta name="keywords" content="password, encrypted" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rbal1elements.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="rbal1tssec" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>DRDA application
|
||
|
server security in an APPC network</title>
|
||
|
</head>
|
||
|
<body id="rbal1tssec"><a name="rbal1tssec"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">DRDA<sup>®</sup> application
|
||
|
server security in an APPC network</h1>
|
||
|
<div><p>When the target server is an <span class="keyword">iSeries™</span> server,
|
||
|
several elements are used together to determine whether a request to access
|
||
|
a remote file is allowed or not.</p>
|
||
|
<div class="section"><h4 class="sectiontitle">User-related security elements</h4><p>The
|
||
|
user-related security elements include the SECURELOC parameter on the target
|
||
|
server, the user ID sent by the source server (if allowed), the password for
|
||
|
the user ID sent by the source server, and a user profile or default user
|
||
|
profile on the target server.</p>
|
||
|
</div>
|
||
|
<div class="section"><h4 class="sectiontitle">Object-related security elements</h4><p>The
|
||
|
object-related security elements include the DDMACC parameter and, optionally,
|
||
|
a user exit program supplied by the user to supplement normal object authority
|
||
|
controls.</p>
|
||
|
</div>
|
||
|
<div class="section"><h4 class="sectiontitle">User-related elements of target security</h4><p>A valid
|
||
|
user profile must exist on the application server (AS) to process distributed
|
||
|
relational database work. You can specify a default user profile for a subsystem
|
||
|
that handles communications jobs on an <span class="keyword">iSeries server</span>.</p>
|
||
|
<p>The
|
||
|
name of the default user profile is specified on the DFTUSR parameter of the <span class="cmdname">Add
|
||
|
Communications Entry (ADDCMNE)</span> command on the AS. The <span class="cmdname">ADDCMNE</span> command
|
||
|
adds a communications entry to a subsystem description used for communications
|
||
|
jobs.</p>
|
||
|
<p>If a default user profile is specified in a communications subsystem,
|
||
|
whether the AS is a secure location or not determines if the default user
|
||
|
profile is used for this request. The SECURELOC parameter on the <span class="cmdname">Create
|
||
|
Device Description (APPC) (CRTDEVAPPC)</span> command, or the secure location
|
||
|
designation on an APPN remote location list, specifies whether the AS is a
|
||
|
secure location.</p>
|
||
|
<ul><li>If *YES is specified for SECURELOC or secure location on the AS, the AS
|
||
|
considers the application requester (AR) a secure location. A user ID and
|
||
|
an Already Verified indicator are expected from the AR with its request. If
|
||
|
a user profile exists on the AS that matches the user ID sent by the requester,
|
||
|
the request is allowed. If not, the request is rejected.</li>
|
||
|
<li>If *NO is specified for the SECURELOC parameter on the AS, the AS does
|
||
|
not consider the AR a secure location. Although the AR still sends a user
|
||
|
ID, the AS does not use this for the request. Instead, a default user profile
|
||
|
on the AS is used for the request, if one is available. If no default user
|
||
|
profile exists on the AS, the request is rejected.</li>
|
||
|
<li>If *VFYENCPWD is specified for SECURELOC on the AS, the AS considers the
|
||
|
AR a secure location, but requires that the user ID and its password be sent
|
||
|
(in encrypted form) to verify the identity of the current user. If the user
|
||
|
profile exists on the AS that matches the user ID sent by the requester, and
|
||
|
that requester has the same password on both systems, the request is allowed.
|
||
|
Otherwise, the request is rejected.</li>
|
||
|
</ul>
|
||
|
<p>The following table shows all of the possible combinations of the
|
||
|
elements that control SNA SECURITY(PGM) on the <span class="keyword">iSeries server</span>.
|
||
|
A "Y" in any of the columns indicates that the element is present or the condition
|
||
|
is met. An "M" in the PWD column indicates that the security manager retrieves
|
||
|
the user's password and sends a protected (encrypted) password if password
|
||
|
protection is active. If a protected password is not sent, no password is
|
||
|
sent. A <em>protected password</em> is a character string that APPC substitutes
|
||
|
for a user password when it starts a conversation. Protected passwords can
|
||
|
be used only when the systems of both partners support password protection
|
||
|
and when the password is created on a system that runs <span class="keyword">i5/OS™</span> or OS/400<sup>®</sup> Version
|
||
|
2 Release 2 or later.</p>
|
||
|
|
||
|
<div class="tablenoborder"><a name="rbal1tssec__sectbl"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="rbal1tssec__sectbl" width="100%" frame="hsides" border="1" rules="rows"><caption>Table 1. Remote access to a distributed relational database</caption><thead align="left"><tr><th align="center" valign="top" width="11.11111111111111%" id="d0e97">Row</th>
|
||
|
<th align="center" valign="top" width="11.11111111111111%" id="d0e99">UID</th>
|
||
|
<th align="center" valign="top" width="11.11111111111111%" id="d0e101">PWD<sup>1</sup></th>
|
||
|
<th align="center" valign="top" width="11.11111111111111%" id="d0e105">AVI</th>
|
||
|
<th align="center" valign="top" width="11.11111111111111%" id="d0e107">SEC(Y)</th>
|
||
|
<th align="center" valign="top" width="11.11111111111111%" id="d0e109">DFT</th>
|
||
|
<th align="center" valign="top" width="11.11111111111111%" id="d0e111">Valid</th>
|
||
|
<th align="left" valign="top" width="22.22222222222222%" id="d0e113">Access</th>
|
||
|
</tr>
|
||
|
</thead>
|
||
|
<tbody><tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">1</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 ">Y</td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Use UID</td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">2</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 "> </td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Reject</td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">3</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 ">Y</td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Use UID</td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">4</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 "> </td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Reject</td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">5</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 ">Y</td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Use UID</td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">6</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 "> </td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Reject</td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">7</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 ">Y</td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Use UID</td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">8</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 "> </td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Reject</td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">9</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 ">Y</td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Use UID</td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">10</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 "> </td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Reject</td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">11</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 ">Y</td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Use UID</td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">12</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 "> </td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Reject</td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">13</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 ">M<sup>3</sup></td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 ">Y</td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Use DFT or UID<sup>2</sup></td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">14</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 ">M<sup>3</sup></td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 "> </td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Use DFT or UID<sup>2</sup></td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">15</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 ">M<sup>3</sup></td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 ">Y</td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Reject or UID<sup>2</sup></td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">16</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 ">M<sup>3</sup></td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 "> </td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Reject or UID<sup>2</sup></td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">17</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 "> </td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Used DFT</td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">18</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 "> </td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Reject</td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">19</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 ">Y</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 "> </td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Use DFT</td>
|
||
|
</tr>
|
||
|
<tr><td align="center" valign="top" width="11.11111111111111%" headers="d0e97 ">20</td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e99 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e101 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e105 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e107 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e109 "> </td>
|
||
|
<td align="center" valign="top" width="11.11111111111111%" headers="d0e111 "> </td>
|
||
|
<td align="left" valign="top" width="22.22222222222222%" headers="d0e113 ">Reject</td>
|
||
|
</tr>
|
||
|
<tr><td colspan="8" valign="top" headers="d0e97 d0e99 d0e101 d0e105 d0e107 d0e109 d0e111 d0e113 "> <div class="note"><span class="notetitle">Key:</span> <dl><dt class="dlterm">UID</dt>
|
||
|
<dd>User ID sent</dd>
|
||
|
<dt class="dlterm">PWD</dt>
|
||
|
<dd>Password sent</dd>
|
||
|
<dt class="dlterm">AVI</dt>
|
||
|
<dd>Already Verified Indicator set</dd>
|
||
|
<dt class="dlterm">SEC(Y)</dt>
|
||
|
<dd>SECURELOC(YES) specified</dd>
|
||
|
<dt class="dlterm">DFT</dt>
|
||
|
<dd>Default user ID specified in communication subsystem</dd>
|
||
|
<dt class="dlterm">Valid</dt>
|
||
|
<dd>User ID and password are valid</dd>
|
||
|
<dt class="dlterm">Use UID</dt>
|
||
|
<dd>Connection made with supplied user ID</dd>
|
||
|
<dt class="dlterm">Use DFT</dt>
|
||
|
<dd>Connection made with default user ID</dd>
|
||
|
<dt class="dlterm">Reject</dt>
|
||
|
<dd>Connection not made</dd>
|
||
|
</dl>
|
||
|
</div>
|
||
|
<ol><li>If password protection is active, a protected password is sent.</li>
|
||
|
<li>Use UID when password protection is active.</li>
|
||
|
<li>If password protection is active, the password for the user is retrieved
|
||
|
by the security manager, and a protected password is sent; otherwise, no password
|
||
|
is sent.</li>
|
||
|
</ol>
|
||
|
</td>
|
||
|
</tr>
|
||
|
</tbody>
|
||
|
</table>
|
||
|
</div>
|
||
|
<p>To avoid having to use default user profiles, create a user profile
|
||
|
on the AS for every AR user that needs access to the distributed relational
|
||
|
database objects. If you decide to use a default user profile, however, make
|
||
|
sure that users are not allowed on the system without proper authorization.
|
||
|
For example, the following command specifies the default user parameter as
|
||
|
DFTUSER(QUSER); this allows the system to accept job start requests without
|
||
|
a user ID or password from a communications request. The communications job
|
||
|
is signed on using the QUSER user profile.</p>
|
||
|
<pre>ADDCMNE SBSD(SAMPLE) DEV(*ALL) DFTUSER(QUSER)</pre>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rbal1elements.htm" title="When Distributed Relational Database Architecture (DRDA) is used, the data resources of each server in the DRDA environment should be protected.">Elements of security in an APPC network</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|