A generated GUI DPC application is responsible for notifying the Client Manager how to obtain security data if the target server derived security level is set to Remote. The GUI application notifies the Client Manager by way of the CFB. The CFB is populated by the GUI runtime. Values coded by the user in the WRSECTOKEN user exit determine how the CFB is populated.
The WRSECTOKEN GUI runtime client security user exit must be modified by the user to set the return code to one of the following three values:
The values of the CLIENT_USERID and CLIENT_PASSWORD system attributes will be populated into the CFB header area by the GUI runtime. The security offset area will not be added to a Standard Security CFB.
The resulting CFB is similar to the Standard Security CFB in that it does not contain a security offset area. When WRSECTOKEN returns SecurityNotUsed, the CLIENT_USERID and CLIENT_PASSWORD attribute values are ignored and are not placed anywhere within the CFB by the DPC. This is the default behavior of the WRSECTOKEN user exit implementation.
An enhanced security CFB contains a security offset area. This area will contain the values of the CLIENT_USERID and CLIENT_PASSWORD system attributes. Additionally, the user-written code in WRSECTOKEN can cause an optional security token to be added to the CFB security offset.
The CLIENT_USERID attribute value is also placed into the User ID field within the CFB header. The password data is not added to the header for an enhanced security CFB.
If WRSECTOKEN returns a value of SecurityUsedEnhanced that indicates the Client Manager should use the data contained in the enhanced security offset area if the target server has a derived security level of Remote.
|
Copyright © 2013 CA.
All rights reserved.
|
|