Support User Manuals

IBM SC41-5420-04 Server User Manual

Open as PDF

of 116

Table 9. TCP/IP Application Exit Points (continued)

TCP/IP Application Exit Point Exit Point Format

Note:

1

The same interface format is used for request validation for the FTP client, FTP server, REXEC server, and

TFTP server. This allows the use of one exit program for request validation of any combination of these

applications.

2

The same interface format is used for server log-on processing for the FTP server and REXEC server

applications. This allows the use of one exit program to process log-on requests for both of these

applications.

3

For a detailed description of the DHCP exit points and how to use them, see System API Reference

(http://publib.boulder.ibm.com/pubs/html/as400/v5r1/ic2924/info/apis/api.htm) in the Information

Center. If you are using the Supplemental Manuals CD, then switch to the iSeries Information Center CD

to access this information.

Creating Exit Programs

There are several steps involved in designing and writing exit programs. They

include:

1. Review the purpose of the exit point and the format of its interface

2. Define the scope and operation of your exit program

3. Design the exit program

4. Code the exit program

5. Add the exit program to the appropriate exit point in the registration facility.

(See “Adding Your Exit Program to the Registration Facility” for instructions on

how to do this.)

Note: Only users with both *SECADM and *ALLOBJ authority are allowed to

add and remove TCP/IP application exit programs.

6. Test your exit program

v Tests for each user ID

v Tests for each operation

The most important step in establishing security exit programs is verifying that

the exit program works. You must assure that the security wall works and does

not have any weaknesses.

Notes:

1. If the exit program fails or returns an incorrect output parameter, the operation

will not be allowed by the TCP/IP application.

2. To ensure the highest level of security, create the exit program in a library that

has *PUBLIC authority of *EXCLUDE and give the exit program itself a

*PUBLIC authority of *EXCLUDE. The TCP/IP application adopts authority

when it is necessary to resolve and call the exit program.

Adding Your Exit Program to the Registration Facility

To add your exit program, run the Work with Registration Information

(WRKREGINF) command. The following display is shown:

Appendix B. TCP/IP Application Exit Points and Programs 81

||

|

|

previous next