ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvappcnetworkresp.htm

79 lines
5.4 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Options for dividing network security responsibility" />
<meta name="abstract" content="When your system participates in a network, you must decide whether to trust the other systems to validate the identity of a user who is trying to enter your system." />
<meta name="description" content="When your system participates in a network, you must decide whether to trust the other systems to validate the identity of a user who is trying to enter your system." />
<meta name="DC.Relation" scheme="URI" content="rzamvappctarget.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="appcnetworkresp" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Options for dividing network security responsibility</title>
</head>
<body id="appcnetworkresp"><a name="appcnetworkresp"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Options for dividing network security responsibility</h1>
<div><p>When your system participates in a network, you must decide whether to trust the other systems to validate the identity of a user who is trying to enter your system.</p>
<div class="section"><p>Will you trust SYSTEMA to ensure that USERA is really USERA (or QSECOFR is really QSECOFR)? Or will you require a user to provide a user ID and password again?</p>
<p>The secure location (SECURELOC) parameter on the APPC device description on the target system specifies whether the source system is a secure (trusted) location.</p>
<p>When both systems are running a release that supports *VFYENCPWD, SECURELOC(*VFYENCPWD) provides additional protection when applications use SECURITY(SAME). Although the requester does not enter a password on the request, the source system retrieves the users password and sends it with the request. For the request to be successful, the user must have the same user ID <u>and</u> password on both systems. </p>
<p>When the target system specifies SECURELOC(*VFYENCPWD) and the source system does not support this value, the target system handles the request as SECURITY(NONE). </p>
<div class="tablenoborder"><a name="appcnetworkresp__secloc"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="appcnetworkresp__secloc" width="100%" frame="border" border="1" rules="all"><caption>Table 1. How the APPC security value and the SECURELOC value work together</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e33">Source system</th>
<th colspan="2" valign="bottom" id="d0e35">Target system</th>
</tr>
<tr><th valign="top" id="d0e38">Architected security value</th>
<th valign="top" id="d0e40">SECURELOC value</th>
<th valign="top" id="d0e42">User profile for job</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e33 d0e38 ">None</td>
<td valign="top" headers="d0e35 d0e40 ">Any</td>
<td valign="top" headers="d0e35 d0e42 ">Default user<sup>1</sup></td>
</tr>
<tr><td rowspan="3" valign="top" headers="d0e33 d0e38 ">Same</td>
<td valign="top" headers="d0e35 d0e40 ">*NO</td>
<td valign="top" headers="d0e35 d0e42 ">Default user<sup>1</sup></td>
</tr>
<tr><td valign="top" headers="d0e35 d0e40 ">*YES</td>
<td valign="top" headers="d0e35 d0e42 ">Same user profile name as requester from source system</td>
</tr>
<tr><td valign="top" headers="d0e35 d0e40 ">*VFYENCPWD</td>
<td valign="top" headers="d0e35 d0e42 ">Same user profile name as requester from source system. The user must have the same password on both systems.</td>
</tr>
<tr><td valign="top" headers="d0e33 d0e38 ">Program</td>
<td valign="top" headers="d0e35 d0e40 ">Any</td>
<td valign="top" headers="d0e35 d0e42 ">The user profiles that are specified on the request from the source system</td>
</tr>
<tr><td colspan="3" valign="top" headers="d0e33 d0e35 d0e38 d0e40 d0e42 "><div class="note"><span class="notetitle">Note:</span> <ol><li>The default user is determined by the communications entry in the subsystem description.</li>
</ol>
</div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvappctarget.htm" title="The topics that follow describe the elements that determine how an APPC user gains entrance to the target system.">APPC user access to the target system</a></div>
</div>
</div>
</body>
</html>