When a command is directed to another node it uses the installation
exits and naming convention table of the node on which it runs, not of
the node on which it is issued. If you plan to use RRSF in remote
mode, you should first ensure that any installation exits and naming
convention tables that you have on the RRSF nodes are compatible.
Otherwise, a command might have different results when it runs on
different nodes.
If you plan to use password synchronization or automatic password
direction you are not required to use the same password authentication
algorithm on each RRSF node, but it is a good practice to do so. Although
nodes can have different ICHDEX01 exits and still synchronize passwords,
if you have security reasons for using a stronger algorithm on one
node, it is advisable to use the stronger algorithm on all nodes that
synchronize passwords. A system with a stronger algorithm is as vulnerable
as one using a weaker algorithm if they synchronize passwords, because
a password that is compromised on the weaker system can then be used
on the stronger system.
Directed commands and application updates run in the RACF® subsystem address space rather than a user's
address space. Installation exits that need to know whether they have
been given control in the RACF subsystem
address space or a user's address space should check the ACEERASP
bit in the ACEE. The ACEERASP bit is on in the address space level
ACEE of the RACF address space.
When automatic direction of application updates is active, RACROUTE
REQUEST=DEFINE exits can instruct RACF to
propagate installation data that is passed to them. For more information,
see Automatic direction of application updates.
During the execution of a RACF command
or macro, one or more installation exits might be invoked. If one
of these installation exits issues a RACF command,
that command is referred to as an
exit-generated command. If
one of these installation exits issues a RACROUTE macro or ICHEINTY
macro to update the RACF database,
that macro is referred to as an
exited-generated macro. If
automatic direction is in effect, the exit-generated command or macro
might or might not be propagated by automatic direction, according
to the following rules:
- If the original RACF command
or macro is not eligible for direction, but the exit-generated command
or macro is eligible for direction, RACF propagates
the exit-generated command or macro based on the RRSFDATA profiles.
For example, if an application issues a RACROUTE REQUEST=AUTH macro,
which is not eligible for direction, and the ICHRCX01 exit issues
a RACROUTE REQUEST=DEFINE, which is eligible for direction, RACF propagates the RACROUTE REQUEST=DEFINE
if the RRSFDATA profiles specify that it should be directed.
- If the original RACF command
or macro is eligible for direction, the exit-generated command or
macro might or might not be propagated:
- If the exit-generated command or macro runs under the same task
(TCB) as the original RACF command
or exit, automatic direction does not propagate the exit-generated
command or macro. For example, if an exit invokes a RACF command using the LINK macro, the command
is not propagated. However, as long as you have the same exit on two
systems, the exit issues the command or macro once on each system,
and the RACF databases should
remain synchronized.
- If the exit-generated command or macro runs under a different
task (TCB) than the task for the original RACF command or exit (for example, an exit creates
a new task which runs a command) then the exit-generated command or
macro is propagated based on the RRSFDATA profiles. For example, if
an exit invokes a RACF command
using the ATTACH macro, the command is propagated if the RRSFDATA
profiles specify that it should be directed.
In this situation,
if two or more RRSF nodes have the same installation exit, the exit-generated
command or update might be propagated more than once and produce unpredictable
results.
Example: Assume that the RACROUTE REQUEST=DEFINE
postprocessing exit (ICHRDX02) called from the ADDSD 'JOE.*' command
creates a subtask using the ATTACH macro to run the command RDEFINE
FACILITY JOE.*. Assume that the same ICHRDX02 exit is present
on both NODE1 and NODE2, and that automatic command direction has
been activated to propagate all DATASET and FACILITY class commands
between NODE1 and NODE2.
When ADDSD 'JOE.*' is
running on NODE1, the exit issues the RDEFINE command, and automatic
command direction propagates that command to NODE2. Meanwhile, on
NODE2 the propagated RDEFINE FACILITY JOE.* command
runs and completes successfully. On NODE1 the ADDSD command completes
successfully and automatic command direction propagates the command
to NODE2. Next, on NODE2 the propagated ADDSD 'JOE.*' begins.
The exit on NODE2 gets control and ATTACHes the RDEFINE command on
NODE2, which fails with return code 4 because it already ran once
on NODE2.
Automatic command direction then propagates the
RDEFINE command to NODE1 where it also fails with return code 4. Therefore,
the RDEFINE command runs twice on each node. The second RDEFINE command
on each node is unnecessary and fails.
Although this example
does not cause the RACF databases
to become unsynchronized, your installation exits might issue RACF commands or macros that can
cause synchronization problems.