Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion Groups
Database Servers
DB2InformixIngresMS SQLOraclePervasive.SQLPostgreSQLProgressSybase
Desktop Databases
FileMakerFoxProMS AccessParadox
General
General DB TopicsDatabase Theory
Related Topics
Java Development.NET DevelopmentVB DevelopmentMore Topics ...
Database Forum / DB2 Topics / April 2006

Tip: Looking for answers? Try searching our database.

z/OS to AIX connection - authentication/authorization

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
jimcleve@aol.com - 08 Apr 2006 20:38 GMT
Have an authentication/authorizaiton question.  Our usual means to
provide SYSADM authority for incoming connections to DB2 v8.2 on AIX
has been to use SERVER authentication and set the SYSADM_GROUP dbm cfg
parameter accordingly. How can same be accomplished for incoming z/OS
connections when authentication is set to CLIENT?  That is, does the
concept of a 'group' apply, where does the 'group' get set (RACF,
maybe?), and is it part of the connection info, in which case the
SYSADM_GROUP parameter can still be used to determine authorities?

Trying to avoid having to grant SYSADM privileges on a user by user
basis.  Pardon the possible ignorance of the question - filling in for
the mainframe guy.  Any help appreciated.  Thx, Jim

PS - I read somewhere in this newsgroup that for incoming z/OS
connections there is no need for DB2 Connect, just set up as DRDA-AS
and AR.  Again, forgive possible retard quotient of the question.
Reply to this Message
Larry - 08 Apr 2006 21:28 GMT
> Have an authentication/authorizaiton question.  Our usual means to
> provide SYSADM authority for incoming connections to DB2 v8.2 on AIX
[quoted text clipped - 12 lines]
> connections there is no need for DB2 Connect, just set up as DRDA-AS
> and AR.  Again, forgive possible retard quotient of the question.

Jim,

I can tell you that for what you want to do, DB2 Connect is not
required. However, I'm not entirely sure about the authentication
question. If I'm not mistaken, it should work the same way as a
connection coming in from any other client. The user would have to be
authenticated as a member of the os under AIX. That user is (I believe)
determined by the DB2 for z/OS communications tables (SYSIBM.USERNAMES).

Check out the following Redbook:

http://www.redbooks.ibm.com/abstracts/sg246952.html?Open

Hope this helps.

Larry Edelstein
Reply to this Message
jimcleve@aol.com - 09 Apr 2006 01:34 GMT
Larry,

Thanks for the guidance. It makes sense that with CLIENT authentication
on the AIX side, user would have to be set up in z/OS communication
table.  Looking through the Redbook you mentioned, as well as z/OS Info
Center, found tables apparently related to Application Requestor/Server
groups called ARSUSRGRPID and ARSUSRGRP.  Guessing they may actually be
associated with Unix running on mainframe though. Question that remains
is how to map a z/OS user to a 'remote' AIX group, or if that's even
what I need to be doing to get SYSADM authorities for a z/OS user.

Again, any insight from the collective DB2 mainframe mind would be much
appreciated.  

Thanks, Jim
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.