Copyright © TIBCO Software Inc. All Rights Reserved |
Before you can log in to a TIBCO Object Service Broker session, you must have security login clearance to access TIBCO Object Service Broker. This login clearance is specified through user IDs and passwords. A user ID can be specific to an individual user, or in the case of z/OS it can be a terminal ID or transaction ID. In all cases, to activate a session, each user ID used to access TIBCO Object Service Broker must be:
2.
• INTERNAL TIBCO Object Service Broker security (see Authentication Using TIBCO Object Service Broker Security). This is the default.
• EXTERNAL External security, such as RACF or Generic Security Service (GSS) (see Authentication Using External Security).
• MIXED Mixed security (see Authentication Using Mixed Security). TIBCO Object Service Broker security is used first. External security is used if the first verification attempt fails.

The specified policy for your site determines whether the user ID to be associated with your session is either inherited from your external environment or explicitly specified using the USERID=userid session parameter.

On z/OS only, you set the SECURITY parameter using the JCL in the EECONFIG member of the CNTL data set distributed with TIBCO Object Service Broker. EECONFIG contains JCL for creating parameter modules for all TIBCO Object Service Broker z/OS environments.

Refer to Chapter 12, Implementing External Security for implementation details if an external package is to be used.
• If the Userid profile is set with Ext Security Mixed-case Password: N and you type your password on z/OS, TIBCO Object Service Broker changes it to uppercase.
• If the Userid profile is set with Ext Security Mixed-case Password: Y, the case sensitivity depends on your external security software. Refer to Ext Security Mixed-case Password.

In a distributed data environment, where Open Systems passwords could be used to access data on z/OS, TIBCO Object Service Broker does not change them to uppercase. In this situation, your Windows or Solaris password must be defined in uppercase.

See TIBCO Object Service Broker Parameters for a detailed explanation of the Execution Environment and session parameters.

See TIBCO Object Service Broker for z/OS Installing and Operating for information about EECONFIG.

To start the session, your client session must explicitly supply the password to be associated with your user ID as a session parameter. Your supplied password is validated against the password maintained by TIBCO Object Service Broker security for your user ID.

In interactive sessions, you are prompted for the password if it is not supplied or if the initial password you supplied does not validate.

See TIBCO Object Service Broker Parameters for information about parameters.

The user ID initiating your session must be authenticated by the external security manager before your session is started with that user ID. The type of session determines the authentication policy.

Seamless z/OS clients started in CICS or IMS TM external environments are assumed to be authenticated, since the environment is responsible for its own security.

For non-seamless z/OS clients, your user ID is assumed to be authenticated if your TIBCO Object Service Broker user ID is inherited from the external environment. If your user ID is specified by the USERID session parameter (and is different from that which would have been inherited from the external environment), TIBCO Object Service Broker uses the external security manager to authenticate your user ID with the supplied password.

For Open Systems clients, your user ID must be specified by the USERID session parameter. TIBCO Object Service Broker then uses the external security manager to authenticate your user ID with the supplied password.

For interactive sessions, you are prompted for the password if the external security manager rejects the supplied password or if you did not supply one.

See TIBCO Object Service Broker Parameters for information about parameters.

See TIBCO Object Service Broker for z/OS External Environments for information about seamless and non-seamless clients.

If the client is seamless (on z/OS only) or the USERID parameter is not specified, the TIBCO Object Service Broker user ID comes from the external environment. In this case, the user ID is automatically authenticated.

If the client is not seamless (on z/OS) and the USERID parameter is specified, a mixed password validation strategy is used, and the following applies.

If the TIBCO Object Service Broker security system has a null password for your user ID (only permissible on the z/OS environment) and your user ID is explicitly specified by the USERID parameter, the external security manager is used to authenticate your user ID with the supplied password.

For interactive clients, you are prompted for the password if it is not supplied or if the previously supplied password was rejected by the external security manager.

If the TIBCO Object Service Broker security system has a password for your user ID and your user ID is explicitly specified by the USERID parameter, the supplied password is validated in the following sequence:
2. If that fails, against the password returned from the Version Mismatch function in the password encryption exit.

For interactive clients, you are prompted for the password if it is not supplied or if the previously supplied password was rejected by the external security manager.

See TIBCO Object Service Broker Parameters for information about parameters.

If your environment uses TIBCO Object Service Broker security only, the user ID and password values for your session can be determined from a number of places. This table describes the possible sources for these values and the order in which they are evaluated:
Order of Evaluation Session parameter input file The parameter input file must be allocated to DDname HRNIN. Used only if the PROFILE/NOPROFILE session option is set to PROFILE. Execution Environment startup string Execution Environment parameter input file Parameter input file must be allocated to DDName HRNIN. The default module is determined by the type of Execution Environment. Default supplied by TIBCO Object Service Broker z/OS,
Open Systems
• See TIBCO Object Service Broker for z/OS External Environments about specifying the session startup string for each z/OS client type.
• See TIBCO Object Service Broker for z/OS Installing and Operating for more information about HRNIN, about installation, and about defaults supplied by TIBCO Object Service Broker.

The following tables summarize the user ID and password requirements for each of the TIBCO Object Service Broker, external, and mixed authentication policies. The columns of these tables are arranged as follows:
• The User ID Inherited column indicates whether the TIBCO Object Service Broker user ID is derived from the external environment (Y) or specified by the USERID=userid (N) session parameter.
• The Password Specified column indicates whether a password is specified by the session parameter or as a result of a user prompt for a password.
• The TIBCO Object Service Broker Password Exists column indicates whether TIBCO Object Service Broker security has a password stored for the user ID.
• The Password Matches TIBCO Object Service Broker Password column indicates whether the password provided by the session parameter, or as a result of a prompt, matches the password maintained by TIBCO Object Service Broker security.
• The Password Matches External Security column indicates whether the password provided by the session parameter, or as a result of a prompt, is validated by the external security manager.
User ID Inherited (z/OS only) | TIBCO Object Service Broker Password Exists | Password Specified | Password Matches TIBCO Object Service Broker Password
User ID Inherited (z/OS only) | Password Matches External Security
User ID Inherited (z/OS only) | Password Specified | TIBCO Object Service Broker Password Exists | Password Matches TIBCO Object Service Broker Password | Password Matches External Security
The encryption exit mismatch function is always called if the specified password does not match the TIBCO Object Service Broker password.
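The rules for the three SECURITY policies described above can be modelled as one decision function. This is an added example, not TIBCO code: the function `decide`, its parameters and its return labels are hypothetical, and it assumes that under MIXED the external check follows a failed TIBCO Object Service Broker check, as the policy summary states.

```python
import hmac
from typing import Callable, Optional

Check = Callable[[str], bool]
deny: Check = lambda pw: False   # stand-in when no external manager or exit is modelled

def decide(policy: str, *, inherited: bool, seamless: bool = False,
           supplied: Optional[str] = None, osb_password: Optional[str] = None,
           external: Check = deny, exit_mismatch: Check = deny) -> str:
    """Name the authority that accepts the session, or 'rejected'.

    'rejected' is the point where an interactive session is prompted again.
    """
    def internal() -> bool:
        # Stored password first; on a mismatch the encryption exit's
        # mismatch function is always consulted.
        if supplied is None or osb_password is None:
            return False
        same = hmac.compare_digest(supplied.encode(), osb_password.encode())
        return same or exit_mismatch(supplied)

    def ext() -> bool:
        return supplied is not None and external(supplied)

    if policy == "INTERNAL":
        return "internal" if internal() else "rejected"
    if policy not in ("EXTERNAL", "MIXED"):
        raise ValueError(f"unknown SECURITY policy: {policy}")
    if seamless or inherited:
        # User ID comes from the external environment, which is trusted
        # to have authenticated it already.
        return "environment"
    if policy == "EXTERNAL":
        return "external" if ext() else "rejected"
    # MIXED with an explicit USERID
    if osb_password is None:      # null password, z/OS only
        return "external" if ext() else "rejected"
    if internal():
        return "internal"
    # Assumption: external security is tried after the internal checks fail.
    return "external" if ext() else "rejected"
```

Under MIXED with an explicit USERID, a password accepted by either store starts the session, so a password changed or revoked in only one store remains usable.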