Support User Manuals

IBM GC28-1920-01 Server User Manual

Open as PDF

of 110

OpenEdition Planning

, and in

OS/390 OpenEdition Programming: Assembler

Callable Services Reference

. The C language support for the

pthread_security_np() function is discussed in

OS/390 R2 C/C

++

Run-Time

Library Reference

.

Threads and Security

An application that uses the pthread_security_np service can customize the

RACF identity of a thread. Consider a DCE application server on OS/390, which

accepts requests through DCE remote procedure calls (RPC). This server initiates

a thread that processes the client's request. If the server customizes the thread

initiated for the client with the client's RACF identity, any resource access decisions

to MVS RACF-protected resources are made using the client's RACF identity and

authorizations.

The security administrator has the option of enforcing both the application server's

RACF identity

and

the RACF identity of the client to be used in resource access

control decisions on OS/390.

The use of the pthread_security_np service is partially protected through a RACF

FACILITY class profile BPX.SERVER.

 Application servers that have UPDATE access to this profile can act as a

surrogate of the client.

2

This means that only the client's RACF identity and

authorizations are used in resource access decisions processed by RACF.

 If the application servers are permitted with READ access to the RACF

FACILITY class profile BPX.SERVER, two identities are used in local access

control decisions on OS/390:

– The RACF identity of the client

– The RACF identity of the server

RACF authorization processing enforces the requirement that

both

the MVS

user ID associated with the client and the MVS user ID associated with the

server are authorized to the resource being checked. This capability enables

an installation to control:

– Which user IDs the server can act on behalf of

– What resources the server can access when acting on behalf of one of its

clients

This additional security checking might require additional RACF administration to

authorize the server to the RACF resource profiles that the server accesses on

behalf of its clients.

Single threaded applications cannot use the pthread_security_np service to

manage a RACF ACEE.

2

There is an additional security check in which a RACF SURROGAT class profile must authorize the server to act as a surrogate

for the client. For more information see

OS/390 OpenEdition Planning

.

40 OS/390 V1R2.0 Security Server (RACF) Planning: Installation and Migration

previous next