This section describes the steps for installing EntireX Security for Broker kernel under z/VSE.
Insert the following parameter in the section DEFAULTS=BROKER of the Broker attribute file:
SECURITY=YES
Modify the SECURITY-PARMS parameter according to your requirements: see Security Solutions in EntireX.
Note:
Setting SECURITY=YES will load the provided PHASE module USRSEC from the EXX960 product sublibrary. This module will issue the IBM PRODID macro in order to obtain authorization to perform privileged operations, such as executing RACROUTE.
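A check for the attribute-file step above, as an added example that is not part of the EntireX documentation or product: it confirms that SECURITY=YES sits inside the DEFAULTS=BROKER section and reports a SECURITY keyword found anywhere else. It assumes KEY=value syntax with optional blanks around "=" and "*" at the start of a comment line; the sample files, their values and the function names are constructed for illustration.

```python
import re

PAIR = re.compile(r"([A-Za-z0-9-]+)\s*=\s*([^,\s]+)")  # KEY = value tokens

# Constructed sample attribute files (illustrative values, not from a real system).
GOOD = "* constructed sample\nDEFAULTS = BROKER\n  BROKER-ID = ETB001\n  SECURITY = YES\n"
COMMENTED = "DEFAULTS = BROKER\n* SECURITY = YES\n"
MISPLACED = "DEFAULTS = BROKER\n  BROKER-ID = ETB001\nDEFAULTS = SERVICE\n  SECURITY = YES\n"

def security_settings(text):
    """Return [(section, value, line_no)] for every SECURITY keyword found."""
    found, section = [], None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("*"):  # assumption: '*' marks a comment line
            continue
        for key, value in PAIR.findall(line):
            key, value = key.upper(), value.upper()
            if key == "DEFAULTS":
                section = value            # a new DEFAULTS=<name> section starts here
            elif key == "SECURITY":
                found.append((section, value, line_no))
    return found

def check(text):
    """Return a list of findings; an empty list means the step is in place."""
    settings = security_settings(text)
    broker = [v for s, v, _ in settings if s == "BROKER"]
    bad = [v for v in broker if v != "YES"]
    findings = []
    if not broker:
        findings.append("SECURITY is not set in the DEFAULTS=BROKER section")
    elif bad:
        findings.append(f"SECURITY={bad[0]} in DEFAULTS=BROKER, expected YES")
    for s, v, n in settings:
        if s != "BROKER":
            findings.append(f"line {n}: SECURITY={v} is outside DEFAULTS=BROKER (section {s})")
    return findings

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("COMMENTED", COMMENTED), ("MISPLACED", MISPLACED)):
        print(name, check(sample) or "ok")
```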
The IBM Basic Security Manager must be installed and configured on your system in order to use EntireX Security. This allows EntireX Broker to perform authentication based on a user ID and password stored in BSM for all connected application components. See IBM documentation z/VSE Installation, z/VSE Administration and z/VSE Planning for complete details of IBM Basic Security Manager (BSM).
Note:
It is not necessary to activate the Basic Security Manager in batch.
See your IBM documentation for detailed instructions for defining user IDs for Basic Security Manager (BSM). The section Resource Definition with subsection Tailoring the Interactive Environment/Maintaining User Profiles provides a description of both online (ICCF) and batch utilities for adding user IDs. The online ICCF transaction for adding user IDs is shown below.
Required fields are shown in bold. If DAYS=0, the password will never expire.
Alternatively, you can use the batch program IESUPDCF. See your z/VSE documentation for details.
 __________________________________________________________________________________
|                                                                                  |
|  IESADMUPBA          ADD OR CHANGE USER PROFILE                                  |
|  Base  II  CICS  ResClass  ICCF                                                  |
|                                                                                  |
|  To CHANGE, alter any of the entries except the userid.                          |
|                                                                                  |
|  USERID............. ENDU       4 - 8 characters (4 characters for ICCF users)   |
|                                                                                  |
|  INITIAL PASSWORD... ________   3 - 8 characters                                 |
|                                                                                  |
|  DAYS............... 000        0-365  Number of days before password expires    |
|  REVOKE DATE........ ________   Date when Userid will be revoked (mm/dd/yy)      |
|                                                                                  |
|  USER TYPE.......... 1          1=Administrator, 2=Programmer, 3=General         |
|  INITIAL NAME....... IESEADM    Initial function performed at signon             |
|  NAME TYPE.......... 2          1=Application, 2=Selection Panel                 |
|  SYNONYM MODEL...... ________   Userid to be used as model for synonyms          |
|                                                                                  |
|                                                                                  |
|                                                                                  |
|                                                                                  |
|  PF1=HELP                    3=END                    5=UPDATE                   |
|                              8=FORWARD                                           |
|                                                                                  |
|                                                                                  |
|__________________________________________________________________________________|
This is needed to pick up changes to the Broker attribute file and to initialize Broker kernel under z/VSE as an authorized subsystem able to perform security checks.
Installation of EntireX Security for Broker kernel is now complete.
This section describes the steps for installing EntireX Security for Broker stubs under z/VSE.
The delivered phases BKIMB.PHASE and BKIMC.PHASE are linked for use with internal security, which requires an application to use ACI version 8 or above. If you are running your application at ACI version 7 or below, the steps above are required to install EntireX Security for the Broker stubs in all environments where applications execute either in client/server or in publish/subscribe mode. These steps are not required if you are running your application at ACI version 8 or above.
To enable external security, relink the stub modules BKIMB.PHASE and BKIMC.PHASE (and your application if it does not dynamically load the stub).
Additionally include the following objects:
ETBUEVA
ETBUPRE
ETBVPRE
ETBVEVA
ETBENC
ETBTP
The following job control is delivered and may be used for relinking the various stub modules:
BKIMB.J
BKIMC.J
Additionally, a detailed description of how to link the stubs and your application can be found under Administration of Broker Stubs under z/VSE.
Rename the phase SECUEXI0.PHASE in library EXX960 to SECUEXIT.PHASE.