Server Access Security Using User ID and Password › Client Manager Security Responsibilities › Client Manager Retrieving the Security Data

Client Manager Retrieving the Security Data

The Client Manager only attempts to obtain security data for a cooperative flow request if the target server selected to process the request has a derived security level of Remote. How and where the Client Manager obtains the user id and password security data is dependent on the type of CFB being processed:

• If the CFB is a Standard Security CFB (the CFB does not contain a security offset area), the Client Manager retrieves the security data from the Client Manager configuration data.
• If the CFB is an Enhanced Security CFB, the Client Manager first determines whether the security data located in the security offset area should be considered. If the Enhanced Security CFB has the CMUseSecure CFB flag byte set, the Client Manager retrieves the security data from within the CFB security offset area.

  If the enhanced security offset area is used, the Client Manager determines whether the CFB is encrypted. If the CFB is encrypted, the Client Manager calls its DECRPYT() user exit to decrypt the CFB prior to extracting the user id and password security offset area.

  If the enhanced security offset area is not used, the Client Manager handles obtaining the needed security data in a manner similar to how it would process a Standard Security CFB.

If the Client Manager determines that it must use its configuration to obtain the needed security data, the Client Manager proceeds in the following manner:

• Uses the Server Security Parameters settings for the selected target server
• Uses the Client Manager Default Security Parameters setting
• Uses the security data supplied by the Client Manager Logon dialog