The following information shows the actions that SASSBSTR, CAL2X2W0, and CAL2X2T0 perform during execution with relation to security.
A security EXTRACT is done to determine the USERID of the submitted job or user environment. This USERID is later used to generate a full logon statement or optionally perform a submit check. The input stream is then read to determine whether a logon statement was supplied. If no logon statement was supplied, one is generated for the execution. The logon statement resembles the following:
/LOGON extid *GENERATED LOGON*
The extid is the EXTRACTed ID of the job. This logon statement is passed to CA WA CA 7 Edition indicating that no password is needed with this particular logon attempt.
If a logon statement with an OPID is found and the OPID is the same as the EXTRACTed ID, the logon statement is passed to CA WA CA 7 Edition indicating that no password is needed with this particular logon attempt.
If the OPID is not the same as the EXTRACTed ID, other checks are done. A check is made to see whether the value of BSUBCHK for the instance is Y. If so, a submit check is performed. The check is done to see whether the EXTRACTed ID has the authority to submit on behalf of the OPID in the logon statement. If the check is okay, the logon statement is passed to CA WA CA 7 Edition indicating that no password is needed with this particular logon attempt.
If the value of BSUBCHK for the instance is not Y, no submit checks are done. The logon statement is passed as it is coded with no special indication to CA WA CA 7 Edition. If CA WA CA 7 Edition has EXTERNAL=LOGON coded in the initialization file, a logon check is performed trying to supply a password. If the password was entered on the logon statement, the external security package validates it. If no password was coded, the logon fails due to a missing password.
In general, a password is needed only two times:
Note: Values of SVDSNCHK and BSUBCHK are set using CAIRIM. This method is discussed in the chapter "Execution" in the Systems Programming Guide. There you can also find information about CAL2ENVR, a utility that reports current options used by each instance of CA WA CA 7 Edition supported on the LPAR. CAL2ENVR can be used to determine the current settings of keywords such as SVDSNCHK and BSUBCHK.
For CAL2X2W0 (CAICCI Terminal) and CAL2X2T0 (TCP/IP Terminal) executions, the BSUBCHK setting for the target instance of CA WA CA 7 Edition can optionally be used.
If used, the setting overrides any setting on the submitting terminal. The submitting terminal BSUBCHK setting is used for either of the following:
If the target CA WA CA 7 Edition instance is using a value for submit class other than the default SUBMIT, that value can optionally be used for the submit check on the sending terminal. The default submit class value is used for either of the following:
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|