Support User Manuals

IBM GC28-1920-01 Server User Manual

Open as PDF

of 110

Chapter 6. Customization Considerations

This chapter identifies customization considerations for RACF.

For additional information, see

OS/390 Security Server (RACF) System

Programmer's Guide

.

Customer Additions to the CDT

Installations must verify that classes they have added to the class descriptor table

(CDT) do not conflict with new classes shipped with RACF. If duplicate CDT

entries are detected, the following error messages are issued at IPL time:

 For a duplicate router table entry, RACF issues this message and continues

processing: ICH527I RACF DETECTED AN ERROR IN THE INSTALLATION ROUTER

TABLE, ENTRY class_name, ERROR CODE 1.

 For a duplicate CDT entry, RACF issues this message and enters failsoft mode:

ICH511I RACF DETECTED AN ERROR IN THE INSTALLATION CLASS DESCRIPTOR

TABLE, ENTRY class_name, ERROR CODE 7.

If a conflict in class names occurs, you must delete the profiles in the

installation-defined class with the conflicting name, delete the CDT entry for the

class, add a CDT entry with a different name, and redefine the profiles.

Do not assemble the user-defined CDT (ICHRRCDE) on OS/390 Release 2 and

attempt to use it on a system running RACF at a lower level than RACF 2.2.

Exit Processing

Installation-written exits might be affected by new function introduced in OS/390

Release 2 Security Server (RACF).

Effects of OS/390 OpenEdition DCE Support on ICHRCX01, ICHRCX02,

and IRRSXT00

OS/390 OpenEdition DCE support can affect:

 The RACROUTE REQUEST=AUTH preprocessing and processing exits

 The IRRSXT00 installation exit

RACROUTE REQUEST=AUTH Preprocessing and

Postprocessing Exits

RACF support for OS/390 OpenEdition DCE introduces new indicators in the

ACEE. These indicators mark the ACEE as a

client ACEE

. Client ACEEs are

created by OS/390 OpenEdition and RACF on behalf of multithreaded unauthorized

application servers on OS/390. There are two types of client ACEE:

 Unauthenticated client ACEE

When an unauthenticated client ACEE is used in an access control decision,

two authorization checks occur.

 Copyright IBM Corp. 1994, 1996 35

previous next