Use the SERVERTYPE keyword and parameter to specify the
type of input the DCAS server receives.
The SERVERTYPE keyword definition can be specified multiple
times in the DCAS configuration file.
Subsequent definitions are logically ORed. For example,
defining SERVERTYPE ALLTYPES and then SERVERTYPE NOUSERIDTYPE means
that DCAS no longer accepts a user ID as input.
Tip: Use this keyword regardless of
the value that is configured on the TLSMECHANISM keyword.
Restriction: Because
SERVERTYPE CERTTYPE is the default, it is not valid to only specify
SERVERTYPE NOCERTTYPE.
   .-SERVERTYPE CERTTYPE-.
>>-+---------------------+-------------------------------------->
>--SERVERTYPE CERTTYPE--+-ALLTYPES-------+---------------------><
                        +-USERIDTYPE-----+
                        +-KERBEROSTYPE---+
                        +-NOCERTTYPE-----+
                        +-NOUSERIDTYPE---+
                        '-NOKERBEROSTYPE-'
Parameters
Guideline: For any SERVERTYPE
parameter, DCAS returns a Pass Ticket for the application name that
it receives from the client.
- SERVERTYPE CERTTYPE
- Specifies that DCAS accepts only an X.509 certificate and application
name as input. This is the default.
- SERVERTYPE ALLTYPES
- Specifies that DCAS accepts any form of currently supported and
future inputs. This enables DCAS to accept an X.509 certificate and
application name (SERVERTYPE CERTTYPE) as well as a user ID and application
name (SERVERTYPE USERIDTYPE).
- SERVERTYPE USERIDTYPE
- Specifies that DCAS accepts only a user ID and application name
as input.
- SERVERTYPE KERBEROSTYPE
- Specifies that DCAS accepts a Kerberos principal name and application
name as input.
- SERVERTYPE NOCERTTYPE
- Specifies that DCAS does not accept the X.509 certificate and application
name as input. You can use this to turn off a previous SERVERTYPE
CERTTYPE parameter.
- SERVERTYPE NOUSERIDTYPE
- Specifies that DCAS does not accept a user ID and application name as
input. You can use this to turn off a previous SERVERTYPE USERIDTYPE
parameter.
Requirements: You must specify certain values
for the following IBM®-enhanced logon
solutions:
- Express® Logon Feature
(ELF) requires a SERVERTYPE value of CERTTYPE or ALLTYPES.
- Web Express Logon (WEL)
requires a SERVERTYPE value of USERIDTYPE or ALLTYPES.
For enhanced logon solutions other than those listed,
see your product documentation for the SERVERTYPE value you need to
specify. You should have an understanding of the DCAS function required
by the solution prior to configuring the SERVERTYPE parameter because
the data that DCAS provides is highly sensitive.
- SERVERTYPE NOKERBEROSTYPE
- Specifies that DCAS does not accept a Kerberos principal name
and application name as input. Use this parameter to turn off a previous
SERVERTYPE KERBEROSTYPE parameter.
- The keywords SAFKEYRING and KEYRING are mutually exclusive. If
neither SAFKEYRING nor KEYRING is specified, the default key ring
file, key.kdb, is used.
- The KERBEROSTYPE support enables the DCAS client to provide a
Kerberos principal name and application ID. The Kerberos principal
name must be mapped to a RACF® user
ID. This allows DCAS to provide a Pass Ticket for the user ID and
application name. See z/OS Security Server RACF Security Administrator's
Guide for information about defining a KERBLINK
profile.
The DCAS server has been enhanced to provide the new function.
This requires that the administrator of the single sign-on solution
use RACF or a similar security
product to map a valid z/OS® user
ID to a Kerberos principal name. In RACF,
do this by creating a KERBLINK profile.
See z/OS Security Server RACF Security Administrator's
Guide for a description of Kerberos principal
names and how to map them to user IDs.
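
Because SERVERTYPE statements accumulate and the NO... values switch earlier ones off, the input types a configuration actually enables are easy to misread. The following sketch is an added example, not IBM code: it resolves the effective set and compares it with the ELF and WEL requirements listed above. Assumptions: statements are applied in file order, ALLTYPES is modelled as enabling all three input types, the CERTTYPE default applies only when no SERVERTYPE statement is present, and the function names and sample configuration are hypothetical.

```python
# Added example: resolve the effective DCAS input types from SERVERTYPE statements.
CERT, USERID, KERBEROS = "CERTTYPE", "USERIDTYPE", "KERBEROSTYPE"
ALL = frozenset({CERT, USERID, KERBEROS})  # assumption: ALLTYPES covers all three
# Requirements stated on the page: solution -> input type it needs.
SOLUTION_NEEDS = {"ELF": CERT, "WEL": USERID}


def effective_types(config_text):
    """Return the set of input types DCAS would accept under this model."""
    accepted, seen = set(), False
    for line in config_text.splitlines():
        words = line.split()
        if len(words) < 2 or words[0].upper() != "SERVERTYPE":
            continue  # other keywords are out of scope for this check
        seen, value = True, words[1].upper()
        if value == "ALLTYPES":
            accepted |= ALL
        elif value in ALL:
            accepted.add(value)          # definitions are ORed together
        elif value.startswith("NO") and value[2:] in ALL:
            accepted.discard(value[2:])  # NOxxx turns off an earlier xxx
        else:
            raise ValueError(f"unknown SERVERTYPE value: {words[1]}")
    if not seen:
        return {CERT}                    # SERVERTYPE CERTTYPE is the default
    if not accepted:
        raise ValueError("no input type left enabled (e.g. only NOCERTTYPE)")
    return accepted


def audit(config_text, solutions):
    """List findings: unmet solution requirements and types nobody needs."""
    accepted = effective_types(config_text)
    needed = {SOLUTION_NEEDS[s] for s in solutions}
    findings = [f"{s} requires {SOLUTION_NEEDS[s]}" for s in solutions
                if SOLUTION_NEEDS[s] not in accepted]
    findings += [f"{t} enabled but not required" for t in sorted(accepted - needed)]
    return findings


# Constructed sample configuration (not taken from a real system).
SAMPLE = """\
SERVERTYPE ALLTYPES
SERVERTYPE NOUSERIDTYPE
"""

if __name__ == "__main__":
    print(sorted(effective_types(SAMPLE)))
    print(audit(SAMPLE, ["WEL"]))
```

Since the data DCAS returns is highly sensitive, an "enabled but not required" finding marks an input type that can be switched off with the matching NO... value.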