The Communications Server protects data and other system resources accessed by applications included in the Communications Server element. This protection requires verification of the identity of the user requesting access. This process is called identification and authentication. In addition, access to resources must be limited to those users with permission. This process is called access control. Communications Server applications use RACF® for identification and authentication, and for access control decisions. Authenticated users are granted access only to those RACF resources for which they have permission.
Most Communications Server applications must be configured specifically to allow anonymous access. One exception is TFTP. TFTP can be configured to control those directories that contain files that can be transferred.
Table 1 depicts a representative set of Communications Server applications, whether user identification is required, and the security credentials under which resource access is made. For more information on specific application considerations, see the topic about each application.
Server | End-user identification | Resource access |
---|---|---|
FTP | Optional 1 | End-user ID or configured anonymous user ID 2 |
LPD | Optional 1 | Server ID or end-user ID |
MVS™ REXECD | Required | End-user ID |
MVS RSHD | Required (password optional) 1 | Surrogate user ID or end-user ID |
NSSD [network security services (NSS) server] | Required | NSS client user ID |
Policy Agent server | Required | Policy client user ID |
TFTP | No | Server user ID 2 |
UNIX REXECD | Required | End-user ID |
UNIX RSHD | Required (password optional) 1 | End-user ID or Server user ID (exit routine to verify request) |
UNIX shell (Telnet/rlogin) | Required | End-user ID |