IBM GC28-1920-01 Server User Manual


 
Chapter 6. Customization Considerations
This chapter identifies customization considerations for RACF.
For additional information, see
OS/390 Security Server (RACF) System
Programmer's Guide
.
Customer Additions to the CDT
Installations must verify that classes they have added to the class descriptor table
(CDT) do not conflict with new classes shipped with RACF. If duplicate CDT
entries are detected, the following error messages are issued at IPL time:
For a duplicate router table entry, RACF issues this message and continues
processing: ICH527I RACF DETECTED AN ERROR IN THE INSTALLATION ROUTER
TABLE, ENTRY class_name, ERROR CODE 1.
For a duplicate CDT entry, RACF issues this message and enters failsoft mode:
ICH511I RACF DETECTED AN ERROR IN THE INSTALLATION CLASS DESCRIPTOR
TABLE, ENTRY class_name, ERROR CODE 7.
If a conflict in class names occurs, you must delete the profiles in the
installation-defined class with the conflicting name, delete the CDT entry for the
class, add a CDT entry with a different name, and redefine the profiles.
Do not assemble the user-defined CDT (ICHRRCDE) on OS/390 Release 2 and
attempt to use it on a system running RACF at a lower level than RACF 2.2.
Exit Processing
Installation-written exits might be affected by new function introduced in OS/390
Release 2 Security Server (RACF).
Effects of OS/390 OpenEdition DCE Support on ICHRCX01, ICHRCX02,
and IRRSXT00
OS/390 OpenEdition DCE support can affect:
The RACROUTE REQUEST=AUTH preprocessing and processing exits
The IRRSXT00 installation exit
RACROUTE REQUEST=AUTH Preprocessing and
Postprocessing Exits
RACF support for OS/390 OpenEdition DCE introduces new indicators in the
ACEE. These indicators mark the ACEE as a
client ACEE
. Client ACEEs are
created by OS/390 OpenEdition and RACF on behalf of multithreaded unauthorized
application servers on OS/390. There are two types of client ACEE:
Unauthenticated client ACEE
When an unauthenticated client ACEE is used in an access control decision,
two authorization checks occur.
Copyright IBM Corp. 1994, 1996 35