z/OS UNIX System Services Planning
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Steps for defining servers to process users without passwords or password phrases

z/OS UNIX System Services Planning
GA32-0884-00

Before you begin: You need to identify all MVS™ user IDs that the specified server needs to access without any client authentication. You also need to determine the level access, either ACCESS(READ) or ACCESS(UPDATE) that the server will have while running with the client's identity. Defining servers to use thread-level security describes those two levels of authority.

Perform the following steps to define servers to process users without passwords or password phrases. The steps are for a sample server called DATASRVR that can support user ID ANONYMOS without a password or password phrase. As you add more servers, you will need to follow similar procedures.

  1. Activate the SURROGAT class support in RACF®, if it has not already been set up on your system. 
    SETROPTS CLASSACT(SURROGAT)

    You only have to do this once on your system.

    Tip: If a daemon or server you are running will use the SURROGAT support, consider using the RACLIST command to keep the SURROGAT profiles in storage. The following example shows how to cache the SURROGAT profiles in storage: 
    SETROPTS RACLIST(SURROGAT)

    _______________________________________________________________

  2. If the SURROGAT profile is in the RACLIST, any changes to the SURROGAT profiles must be followed by a REFRESH command. To create the SURROGAT class profile for user ANONYMOS, issue: 
    RDEFINE SURROGAT BPX.SRV.ANONYMOS UACC(NONE)
SETROPTS RACLIST(SURROGAT) REFRESH

    A similar SURROGAT profile is required for each user ID that a server must support without a password or password phrase.

    _______________________________________________________________

  3. Permit the server to create a thread-level security environment for a specified user.
    Example: To permit server DATASRVR to create a thread-level security environment for user ANONYMOS, issue the PERMIT command: 
    PERMIT BPX.SRV.ANONYMOS CLASS(SURROGAT) ID(DATASRVR) ACCESS(READ)
SETROPTS RACLIST(SURROGAT) REFRESH

    _______________________________________________________________

When you are done, you have defined a server to process users without passwords or password phrases.

Parent topic: Defining servers to process users without passwords or password phrases

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014