467,189 Members | 1,338 Online
Bytes | Developer Community
Ask Question

Home New Posts Topics Members FAQ

Post your question to a community of 467,189 developers. It's quick & easy.

z/OS to AIX connection - authentication/authorization

Have an authentication/authorizaiton question. Our usual means to
provide SYSADM authority for incoming connections to DB2 v8.2 on AIX
has been to use SERVER authentication and set the SYSADM_GROUP dbm cfg
parameter accordingly. How can same be accomplished for incoming z/OS
connections when authentication is set to CLIENT? That is, does the
concept of a 'group' apply, where does the 'group' get set (RACF,
maybe?), and is it part of the connection info, in which case the
SYSADM_GROUP parameter can still be used to determine authorities?

Trying to avoid having to grant SYSADM privileges on a user by user
basis. Pardon the possible ignorance of the question - filling in for
the mainframe guy. Any help appreciated. Thx, Jim

PS - I read somewhere in this newsgroup that for incoming z/OS
connections there is no need for DB2 Connect, just set up as DRDA-AS
and AR. Again, forgive possible retard quotient of the question.

Apr 8 '06 #1
  • viewed: 1773
Share:
2 Replies
ji******@aol.com wrote:
Have an authentication/authorizaiton question. Our usual means to
provide SYSADM authority for incoming connections to DB2 v8.2 on AIX
has been to use SERVER authentication and set the SYSADM_GROUP dbm cfg
parameter accordingly. How can same be accomplished for incoming z/OS
connections when authentication is set to CLIENT? That is, does the
concept of a 'group' apply, where does the 'group' get set (RACF,
maybe?), and is it part of the connection info, in which case the
SYSADM_GROUP parameter can still be used to determine authorities?

Trying to avoid having to grant SYSADM privileges on a user by user
basis. Pardon the possible ignorance of the question - filling in for
the mainframe guy. Any help appreciated. Thx, Jim

PS - I read somewhere in this newsgroup that for incoming z/OS
connections there is no need for DB2 Connect, just set up as DRDA-AS
and AR. Again, forgive possible retard quotient of the question.

Jim,

I can tell you that for what you want to do, DB2 Connect is not
required. However, I'm not entirely sure about the authentication
question. If I'm not mistaken, it should work the same way as a
connection coming in from any other client. The user would have to be
authenticated as a member of the os under AIX. That user is (I believe)
determined by the DB2 for z/OS communications tables (SYSIBM.USERNAMES).

Check out the following Redbook:

http://www.redbooks.ibm.com/abstract...6952.html?Open

Hope this helps.

Larry Edelstein
Apr 8 '06 #2
Larry,

Thanks for the guidance. It makes sense that with CLIENT authentication
on the AIX side, user would have to be set up in z/OS communication
table. Looking through the Redbook you mentioned, as well as z/OS Info
Center, found tables apparently related to Application Requestor/Server
groups called ARSUSRGRPID and ARSUSRGRP. Guessing they may actually be
associated with Unix running on mainframe though. Question that remains
is how to map a z/OS user to a 'remote' AIX group, or if that's even
what I need to be doing to get SYSADM authorities for a z/OS user.

Again, any insight from the collective DB2 mainframe mind would be much
appreciated.

Thanks, Jim

Apr 9 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

10 posts views Thread by Brian Conway | last post: by
3 posts views Thread by Kris van der Mast | last post: by
reply views Thread by Anonieko Ramos | last post: by
5 posts views Thread by Maziar Aflatoun | last post: by
1 post views Thread by Joe | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.