z/OS UNIX System Services Planning
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Defining servers to process users without passwords or password phrases

z/OS UNIX System Services Planning
GA32-0884-00

Depending on the design and implementation of a client/server application, a client might not supply an authenticator to the server. For example, some servers process user requests that come from generic user IDs representing anonymous users, or use a method of authentication other than a user ID and password or password phrase combination.

In this case, in which the RACF® password, password phrase, or password substitute (such as the RACF PassTicket) is not specified on the pthread_security_np() service invocation, an additional check is made to ensure that the server is authorized to act as the client. z/OS UNIX uses profiles defined to the RACF SURROGAT class to authorize the server to act as a surrogate of a client. Profiles defined to the SURROGAT class are of the form: 
 BPX.SRV.<userid>
<userid> is the MVS™ user ID of the user that the server will act as a surrogate of. See Defining servers to use thread-level security for the steps to authorize a server to act as a surrogate for client user IDs.

Some servers have the requirement to process user requests that come from generic user IDs representing anonymous users. In order for servers to process requests for thread-level security without passwords or password phrases, follow the steps shown below.

Parent topic: Preparing security for servers

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014