Previous Topic: Allow Servers to Execute DIAGNOSE code X’D4’Next Topic: Prepare CA VM:Secure Authorization MODULEs

Rules Facility GuideConfiguring CA VM:Secure to Work with the TCP/IP FeatureSoftware Requirements for Servers Supporting Traditional Server ValidationCA VM:Secure Configuration InformationAllow Servers to Validate VM Passwords

Allow Servers to Validate VM Passwords

Define a SYSTEM DEFAULT rule for allowing the server to validate passwords:

ACCEPT server_userid VALIDATE

A SYSTEM DEFAULT rule should be setup so that an individual user can disallow validation of their own password by establishing a USER level REJECT rule.

The directory entries for each TCP/IP server that uses CA VM:Secure for security validation should contain an IUCV DUALPASS directory statement. Use the VMSECURE EDIT command to insert this record for the FTP, NFS, and REXEC service virtual machines:

IUCV DUALPASS

Note: The IUCV DUALPASS statement is not required; however, without this record, if the FTP server tries to validate a user ID/password pair when the CA VM:Secure server is down for some reason, validation fails with a specification check. With the IUCV DUALPASS statement in place, the validation is performed through an alternate path.