This document introduces EntireX Security under UNIX through overviews of the functionality and components of EntireX Security. The location where Broker Kernel is installed determines the functionality made available for EntireX Security.
This document covers the following topics:
Note:
Setting up EntireX Security is described under Setting up EntireX Security under UNIX.
This table lists the security functionality available with EntireX Security running Broker Kernel under the respective operating system.
| Security Functionality | z/OS | UNIX | Windows | BS2000 | z/VSE | Comment |
|---|---|---|---|---|---|---|
| Authentication of user | Yes | Yes | Yes | Yes | Yes | Verify broker user ID and broker password sent by an application to the broker. Under z/OS the broker verifies a long broker password as a RACF password phrase. |
| User password change | Yes | No | No | No | No | |
| LDAP authentication | No | Yes | Yes | No | No | Authenticate using LDAP repository. |
| Trusted user ID | Yes | No | No | No | No | Trusted computer base, avoiding plain text password. |
| Verified client user ID | Yes | No | No | Yes | Yes | Provide verified identity of client to server. |
| Authorization of client request | Yes | No | No | No | No | |
| Authorization of server register | Yes | No | No | No | No | |
| Authorize IP connection | Yes | No | No | No | No | |
| Authorization rules | No | Yes | Yes | No | No | An authorization rule is used to perform access checks for authenticated user IDs against lists of services defined within the rule. This feature is available on UNIX and Windows using EntireX Security on these platforms. Authorization rules can be stored in the Broker attribute file or in an LDAP repository. See Authorization Rules. |
| SSL/TLS | (1) | Yes | Yes | No | (2) | Industry standard encryption mechanism. See SSL/TLS and Certificates with EntireX. |
Notes:
The broker acts as an agent to make the creation and operation of client/server applications simpler and more effective. Any number of server applications can be built for use by any number of clients. EntireX Security allows you to protect your server applications and clients independently. Clients and servers are authenticated by user ID and password on their first contact with the system.
This diagram depicts the location where the broker kernel must be installed and where the broker stubs can be installed. It also depicts the location of the security components of the kernel and stubs of broker.
