SERVERTYPE

Use the SERVERTYPE keyword and parameter to specify the type of input the DCAS server receives.

The SERVERTYPE keyword definition can be specified multiple times in the DCAS configuration file.

Subsequent definitions are logically ORed. For example, defining SERVERTYPE ALLTYPES and then SERVERTYPE NOUSERIDTYPE means that DCAS no longer accepts a user ID as input.

Tip:

Use this keyword regardless of the value that is configured on the TLSMECHANISM keyword. End of change

Restriction: Because SERVERTYPE CERTTYPE is the default, it is not valid to only specify SERVERTYPE NOCERTTYPE.


   .-SERVERTYPE CERTTYPE-.   
>>-+---------------------+-------------------------------------->

>--SERVERTYPE CERTTYPE--+-ALLTYPES-------+---------------------><
                        +-USERIDTYPE-----+   
                        +-KERBEROSTYPE---+   
                        +-NOCERTTYPE-----+   
                        +-NOUSERIDTYPE---+   
                        '-NOKERBEROSTYPE-'

Parameters

Guideline: For any SERVERTYPE parameter, DCAS returns a Pass Ticket for the application name that it receives from the client.

SERVERTYPE CERTTYPE

Specifies that DCAS accepts only a X.509 certificate and application name as input. This is the default.

SERVERTYPE ALLTYPES

Specifies that DCAS accepts any form of currently supported and future inputs. This enables DCAS to accept a x.509 certificate, and application name (SERVERTYPE CERTTYPE) as well as a user ID and application name (SERVERTYPE USERIDTYPE).

SERVERTYPE USERIDTYPE

Specifies that DCAS accepts only a user ID and application name as input.

SERVERTYPE KERBEROSTYPE

Specifies that DCAS accepts a Kerberos principal name and application name as input.

SERVERTYPE NOCERTTYPE

Specifies that DCAS not accept the x.509 certificate and application name as input. You can use this to turn off a previous SERVERTYPE CERTTYPE parameter.

SERVERTYPE NOUSERIDTYPE

Specifies that DCAS not accept user ID and application name as input. You can use this to turn off a previous SERVERTYPE USERIDTYPE parameter.

Requirements: You must specify certain values for following IBM®-enhanced logon solutions:

Express® Logon Feature (ELF) requires a SERVERTYPE value of CERTTYPE or ALLTYPES.
Web Express Logon (WEL) requires a SERVERTYPE value of USERIDTYPE or ALLTYPES.

For enhanced logon solutions other than those listed, see your product documentation for the SERVERTYPE value you need to specify. You should have an understanding of the DCAS function required by the solution prior to configuring the SERVERTYPE parameter because the data that DCAS provides is highly sensitive.

SERVERTYPE NOKERBEROSTYPE

Specifies that DCAS does not accept a Kerberos principal name and application name as input. Use this parameter to turn off a previous SERVERTYPE KERBEROSTYPE parameter.

Usage notes

The keywords SAFKEYRING and KEYRING are mutually exclusive. If neither SAFKEYRING nor KEYRING is specified, the default key ring file, key.kdb, is used.
The KERBEROSTYPE support enables the DCAS client to provide a Kerberos principle name and application ID. The Kerberos principal name must be mapped to a RACF® user ID. This allows DCAS to provide a Pass Ticket for the user ID and application name. See z/OS Security Server RACF Security Administrator's Guide for information about defining a KERBLINK profile.
The DCAS server has been enhanced to provide the new function. This requires that the administrator of the single-signon solution use RACF or a similar security product to map a valid z/OS® user ID to a Kerberos principal name. In RACF, do this by creating a KERBLINK profile in RACF.

See z/OS Security Server RACF Security Administrator's Guide for a description of Kerberos principal names and how to map them to user IDs.