|
- The caller is in supervisor state, so the task and address space
ACEEs are not checked. Therefore, for example, an authorized caller
may extract KERB segment fields, or update the invalid key count,
for any user who has a KERB segment.
- This service returns fields that have been previously populated.
Associated with the returned fields is a length indicator. The length
indicator is set to zero if a field does not exist.
- If RACF_name and KERB_name are both provided for function X'01',
R_kerbinfo will use RACF_name.
- If RACF_name is provided for any function other than X'01',
a parameter list error will be returned.
- If KERB_name is not supplied on a function X'04' request
(the first character is NULL), information about the local z/OS Kerberos
Security Server, KERBDFLT, will be returned. Alternatively, KERB_name
may be explicitly set to KERBDFLT.
- It is the responsibility of the caller to obtain and free the
Data_area. If the fields to be retrieved from RACF® are larger than the Data_area, RACF fails the request and returns
an error. If the size of the Data_area structure is sufficient to
contain this value, the Data_area length (offset 0) is set to the
total length required.
- Field level access checking does not occur when retrieving fields
with this service.
- Field names are returned as 8-character fields, left-justified,
and padded with blanks. They are specified in uppercase.
- Fields that are not applicable for a function code, such as USERID
for function code X'04', will be returned with the length
set to zero.
- If function code X'02' causes a user to be revoked, an
ICH408I message will be issued and an SMF Type 80 record will be cut.
- If the length of data_area structure specified is less than the
minimum length defined in the parameter description a subset of the
data will be returned unless it is less than 838 bytes which will
result in return and reason codes 8,8,24.
|