IBM SC33-1683-02 Server User Manual


 
- After a call to FASTAUTH indicates an access failure that requires logging.
- When a QUERY SECURITY request with the RESCLASS option is used.
This indicates a request for a resource for which CICS has not built
in-storage profiles. (If CICS has in fact built in-storage profiles,
REQUEST=AUTH uses them.)
RACROUTE REQUEST=LIST
Issued to create and delete the in-storage profile lists needed by
REQUEST=FASTAUTH. (One REQUEST=LIST macro is required for each
resource class.) It is issued at the following CICS control points:
- When CICS security is being initialized
- When an EXEC CICS REBUILD SECURITY is issued
- When XRF tracks either of these events.
RACROUTE REQUEST=EXTRACT
Issued (with the parameters SEGMENT=SESSION,CLASS=APPCLU) during
verification of APPC BIND security, at the following CICS control point:
- BIND of APPC sessions.
It is also issued (with the parameters SEGMENT=CICS,CLASS=USER) during
signon, at all the control points listed under RACROUTE REQUEST=VERIFY.
For a detailed description of these macros, see the OS/390 Security Server External Security Interface (RACROUTE) Macro Reference manual.
Early verification processing
The CICS signon routine invokes the SAF interface, using the RACROUTE
REQUEST=VERIFY macro with the ENVIR=VERIFY option in problem-program
state. Invoking this version of the macro has no effect if the ESM is RACF, but other
external security manager products can get control through the SAF exit interface,
and perform their own early verification routine.
CICS defers the creation of the accessor environment element until the
RACROUTE REQUEST=VERIFY macro with the ENVIR=CREATE option is issued
to perform the normal verification routine. The ENVIR=CREATE version of the
macro is issued by the security manager domain running in supervisor state.
CICS passes the following information on the ENVIR=VERIFY version of the
RACROUTE REQUEST=VERIFY macro:
USERID
The userid of the user signing on to the CICS region.
GROUP
The group name, if specified, of the group into which the user wants to sign on.
PASSWRD
The user’s password to verify the userid.
NEWPASS
A new value, if specified, for the user’s password. This changes the existing
password and is to be used for subsequent signons.
OIDCARD
The contents, if supplied, of an operator identification card.
CICS security control points
Chapter 28. Invoking a user-written external security manager 729