Already Verified or Trusted Users

TIBCO MFT Platform Server for IBM i, z/OS, and UNIX support a feature called Already Verified Users. This is sometimes referred to as Trusted Users.

An Already Verified User does not require a password to accompany a transfer request. Requiring passwords in either a command line or graphical screen is not desirable in many cases. User profiles can be used to allow a user to complete a file transfer request without entering a password; the disadvantage of user profiles is that a password is still sent to the server. If the password changes, the user profile must be updated.
Note: If an Already Verified User is utilized by MFT Platform Server, the user ID must be the same on both the client and server systems.

When a user logs onto a system (whether IBM I, z/OS, Windows or UNIX), the user is prompted to enter their user ID and password and is authenticated by the operating system. When a transfer request is initiated by a user, that user has already been verified by the operating system. The MFT Platform Server can detect the user ID that initiated the transfer request. So at this point, the MFT Platform Server knows the user ID that initiated the transfer request, and the MFT Platform Server knows that this user has been authenticated by the operating system.

If the remote user ID and remote password parameters have NOT been defined by the MFT Platform Server user, then the MFT Platform Server sets the remote user ID to the currently logged on user ID, and sets the remote password to a special password to indicate that the user has already been verified.

MFT Platform Server has the option of accepting or rejecting Already Verified User requests.
  • If the already verified user request is accepted, the user is logged onto the system without specifying the user ID and password.
  • If the already verified user request is rejected, an error is sent to the server that indicates that the already verified user request was denied by the node configuration.
Note: Any checking for already verified user support is done only on the server side. The client side performs the already verified user processing regardless of whether already verified user is supported when communicating to a specific node.