ind76 |
Posted: Thu Mar 13, 2003 4:36 am Post subject: user authentication on OS/390 ! |
|
|
Apprentice
Joined: 10 Apr 2002 Posts: 29
|
Hi,
We have a 3 tier architecture using MQ with Windows 2000, AIX and OS/390. The message flows from Windows 2000 -> AIX -> OS/390 and the application runs in CICS on OS/390 to process this message. Is there any way the userid and password supplied by the application on Windows 2000 can be validated and authenticated in CICS against RACF?
I know one way of doing this is by supplying the userid and password in the message, which can be picked up by the CICS application to verify them against RACF, which obviously is not a secure way of achieving what we need. Any ideas?
Thank you in advance for your responses,
ind76
Last edited by ind76 on Sat Mar 15, 2003 10:53 am; edited 1 time in total |
|
kevinf2349 |
Posted: Thu Mar 13, 2003 6:27 am Post subject: |
|
|
 Grand Master
Joined: 28 Feb 2003 Posts: 1311 Location: USA
|
We use the Alternate Userid field of the Put Message Option to do this.
It is documented in the Application Programming Guide. |
|
mgrabinski |
Posted: Fri Mar 14, 2003 12:07 am Post subject: |
|
|
Master
Joined: 16 Oct 2001 Posts: 246 Location: Katowice, Poland
|
You can use it, provided that the Windows user id is no longer than 8 characters - RACF won't accept more. _________________ Marcin Grabinski <>< |
|
ind76 |
Posted: Sat Mar 15, 2003 10:57 am Post subject: |
|
|
Apprentice
Joined: 10 Apr 2002 Posts: 29
|
Thanks Marcin,
We don't have any problem with the password being limited to 8 characters. The only concern I have is passing the userid and password in the message area. Are there any ideas for passing this information in a more secure way?
ind76 |
|
mgrabinski |
Posted: Sun Mar 16, 2003 11:51 pm Post subject: |
|
|
Master
Joined: 16 Oct 2001 Posts: 246 Location: Katowice, Poland
|
You don't need to put userid in the message area. You can use the message context for that purpose.
To be sure that your data is safe, you'll need encryption - either provided by your channel exit, or by an independent vendor (Candle's MQSecure for example).
If you have MQ 5.3 on both ends, you can use its support for SSL. _________________ Marcin Grabinski <>< |
|
ind76 |
Posted: Wed Mar 26, 2003 3:40 pm Post subject: Thank you Marcin ! |
|
|
Apprentice
Joined: 10 Apr 2002 Posts: 29
|
Thanks for your help.
ind76 |
|
bob_buxton |
Posted: Thu Mar 27, 2003 1:57 am Post subject: |
|
|
 Master
Joined: 23 Aug 2001 Posts: 266 Location: England
|
If you can generate a PassTicket on your Windows 2000 box, you can flow that up to the host instead of a clear text password and use it in place of a password when verifying the user's identity.
The algorithm for generating PassTickets is explained in the RACF manuals. I don't know if there is any sample code available for generating the PassTicket in a Windows environment. _________________ Bob Buxton
Ex-Websphere MQ Development |
|
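An added sketch, not part of the thread, of the idea in the last post: a one-time, time-limited value derived from a shared key travels in the message in place of the password. This is not the RACF PassTicket algorithm (that is in the RACF manuals); HMAC-SHA256 is substituted for it, and `make_ticket`, `Verifier`, `WINDOW`, the ticket layout and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 600  # assumed validity window in seconds (constructed for this sketch)


def _mac(key: bytes, userid: str, applid: str, issued: int) -> str:
    # Bind the ticket to who (userid), where (applid) and when (issued).
    msg = (userid.upper().ljust(8) + applid.upper().ljust(8)).encode()
    msg += struct.pack(">I", issued)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def make_ticket(key: bytes, userid: str, applid: str, now: int) -> str:
    """Client side: build the value that travels instead of the password."""
    if not 1 <= len(userid) <= 8:
        raise ValueError("user ID must be 1-8 characters")
    return f"{now:08x}{_mac(key, userid, applid, now)}"


class Verifier:
    """Host side: accepts each ticket once, and only inside the time window."""

    def __init__(self, key: bytes, applid: str):
        self.key, self.applid, self.seen = key, applid, set()

    def check(self, userid: str, ticket: str, now: int) -> bool:
        try:
            issued = int(ticket[:8], 16)
        except ValueError:
            return False
        if len(ticket) != 24 or abs(now - issued) > WINDOW:
            return False  # malformed, or outside the validity window
        expected = _mac(self.key, userid, self.applid, issued)
        if not hmac.compare_digest(expected.encode(), ticket[8:].encode()):
            return False  # wrong key, user ID or application name
        # Key replay state on the parsed values, not the raw string, so a
        # re-encoded timestamp prefix cannot slip past the replay check.
        if (userid.upper(), issued) in self.seen:
            return False
        self.seen.add((userid.upper(), issued))
        return True
```

A captured ticket is useless after its first use or once the window has passed, but the message still needs channel encryption if its other contents are sensitive.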