By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,333 Members | 1,214 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,333 IT Pros & Developers. It's quick & easy.

z/OS to AIX connection - authentication/authorization

P: n/a
Have an authentication/authorizaiton question. Our usual means to
provide SYSADM authority for incoming connections to DB2 v8.2 on AIX
has been to use SERVER authentication and set the SYSADM_GROUP dbm cfg
parameter accordingly. How can same be accomplished for incoming z/OS
connections when authentication is set to CLIENT? That is, does the
concept of a 'group' apply, where does the 'group' get set (RACF,
maybe?), and is it part of the connection info, in which case the
SYSADM_GROUP parameter can still be used to determine authorities?

Trying to avoid having to grant SYSADM privileges on a user by user
basis. Pardon the possible ignorance of the question - filling in for
the mainframe guy. Any help appreciated. Thx, Jim

PS - I read somewhere in this newsgroup that for incoming z/OS
connections there is no need for DB2 Connect, just set up as DRDA-AS
and AR. Again, forgive possible retard quotient of the question.

Apr 8 '06 #1
Share this Question
Share on Google+
2 Replies


P: n/a
ji******@aol.com wrote:
Have an authentication/authorizaiton question. Our usual means to
provide SYSADM authority for incoming connections to DB2 v8.2 on AIX
has been to use SERVER authentication and set the SYSADM_GROUP dbm cfg
parameter accordingly. How can same be accomplished for incoming z/OS
connections when authentication is set to CLIENT? That is, does the
concept of a 'group' apply, where does the 'group' get set (RACF,
maybe?), and is it part of the connection info, in which case the
SYSADM_GROUP parameter can still be used to determine authorities?

Trying to avoid having to grant SYSADM privileges on a user by user
basis. Pardon the possible ignorance of the question - filling in for
the mainframe guy. Any help appreciated. Thx, Jim

PS - I read somewhere in this newsgroup that for incoming z/OS
connections there is no need for DB2 Connect, just set up as DRDA-AS
and AR. Again, forgive possible retard quotient of the question.

Jim,

I can tell you that for what you want to do, DB2 Connect is not
required. However, I'm not entirely sure about the authentication
question. If I'm not mistaken, it should work the same way as a
connection coming in from any other client. The user would have to be
authenticated as a member of the os under AIX. That user is (I believe)
determined by the DB2 for z/OS communications tables (SYSIBM.USERNAMES).

Check out the following Redbook:

http://www.redbooks.ibm.com/abstract...6952.html?Open

Hope this helps.

Larry Edelstein
Apr 8 '06 #2

P: n/a
Larry,

Thanks for the guidance. It makes sense that with CLIENT authentication
on the AIX side, user would have to be set up in z/OS communication
table. Looking through the Redbook you mentioned, as well as z/OS Info
Center, found tables apparently related to Application Requestor/Server
groups called ARSUSRGRPID and ARSUSRGRP. Guessing they may actually be
associated with Unix running on mainframe though. Question that remains
is how to map a z/OS user to a 'remote' AIX group, or if that's even
what I need to be doing to get SYSADM authorities for a z/OS user.

Again, any insight from the collective DB2 mainframe mind would be much
appreciated.

Thanks, Jim

Apr 9 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.