IBM SC34-6814-04 Server User Manual


 
v When an invalid password, or a passticket is presented, or an EXEC CICS
VERIFY PASSWORD command is issued.
RACROUTE REQUEST=FASTAUTH
Issued during resource checking, on behalf of a user who is identified by an
ACEE. It is the high-performance form of REQUEST=AUTH, using in-storage
resource profiles, and is issued at the following CICS control points:
v When attaching local transactions
v When checking link security for transaction attach
v Transaction validation for MRO tasks
v CICS resource checking
v Link security check for a CICS resource
v Transaction validation for EDF
v Transaction validation for the transaction being tested (by EDF)
v DBCTL PSB scheduling resource security check
v DBCTL PSB scheduling link security check
v Remote DL/I PSB scheduling resource check
v QUERY SECURITY with the RESTYPE option.
RACROUTE REQUEST=AUTH
This is a higher path length form of resource checking. It is used:
v After a call to FASTAUTH indicates an access failure that requires logging.
v When a QUERY SECURITY request with the RESCLASS option is used.
This indicates a request for a resource for which CICS has not built
in-storage profiles. (If CICS has in fact built in-storage profiles,
REQUEST=AUTH uses them.)
RACROUTE REQUEST=LIST
Issued to create and delete the in-storage profile lists needed by
REQUEST=FASTAUTH. (One REQUEST=LIST macro is required for each
resource class.) It is issued at the following CICS control points:
v When CICS security is being initialized
v When an EXEC CICS REBUILD SECURITY is issued
v When XRF tracks either of these events.
RACROUTE REQUEST=EXTRACT
Issued (with the parameters SEGMENT=SESSION,CLASS=APPCLU) during
verification of APPC BIND security, at the following CICS control point:
v BIND of APPC sessions.
It is also issued (with the parameters SEGMENT=CICS,CLASS=USER) during
signon, at all the control points listed under RACROUTE REQUEST=VERIFY.
For a detailed description of these macros, see the OS/390 Security Server
External Security Interface (RACROUTE) Macro Reference manual.
Using early verification processing
The CICS signon routine invokes the SAF interface, using the RACROUTE
REQUEST=VERIFY macro with the ENVIR=VERIFY option in problem-program
state. Invoking this version of the macro has no effect if the ESM is RACF, but other
external security manager products can get control through the SAF exit interface,
and perform their own early verification routine.
Chapter 31. Invoking an external security manager 797