BEA Home  |  Events  |  Solutions  |  Partners  |  Products  |  Services  |  Download  |  Developer Center  |  WebSUPPORT
	http://www.oracle.com/technology/documentation/index.html   |   Site Map   |   Search   |   PDF Files   |   Contact   |   Glossary
Tuxedo Documentation   |   Using Security in ATMI Applications   |   Local Topics   |   Previous Topic   |   Next Topic   |   Contents

For general-purpose client programs that are written to work with a variety of applications, the BEA Tuxedo system provides an ATMI function that enables a client to determine the level of security required by the ATMI application that the client is trying to join. This ATMI function, implemented as tpchkauth(3c) for C and TPCHKAUTH(3cbl) for COBOL, is designed to work with ATMI applications using default authentication and authorization. The tpchkauth() and TPCHKAUTH() functions can also be used in ATMI applications in which custom authentication and/or authorization is used. How they are used, however, depends on how the custom security features are implemented. For the most part, this discussion focuses on default authentication and authorization.

An application programmer writing in C uses tpchkauth() to check the ATMI application's security level before calling tpinit(3c), so that the client program can prompt for the application password and the user authentication data needed for the tpinit() call; tpchkauth() is called without arguments.

An application programmer writing in COBOL uses TPCHKAUTH() for the same purpose before calling TPINITIALIZE(3cbl). The syntax and functionality of TPCHKAUTH(3cbl) and TPINITIALIZE(3cbl) are the same as those of tpchkauth(3c) and tpinit(3c).

TPNOAUTH

Nothing is required beyond the normal operating system login and file permission security. TPNOAUTH is returned for security level NONE.

TPSYSAUTH

An application password is required. The client program should prompt the user to provide the password, and should put it in the password field of the TPINIT buffer for C, or TPINFDEF-REC record for COBOL. TPSYSAUTH is returned for security level APP_PW.

The application administrator informs users of the application password, and the application programmer writes client-program code to prompt users for the application password and to put the user-supplied password, as plain text, in the password field of the TPINIT buffer or TPINFDEF-REC record. The password should not be displayed on the user's screen.

BEA Tuxedo system-supplied client programs, such as ud, wud(1), prompt for an application password. ud() allows fielded buffers to be read from standard input and sent to a service.

TPAPPAUTH

The application password is required. The client is expected to provide a value to be passed to the authentication service in the data field of the TPINIT buffer for C, or the TPINFDEF-REC record for COBOL. TPAPPAUTH is returned for security level USER_AUTH, ACL, or MANDATORY_ACL.

The application programmer writes client-program code to furnish additional information for the application authentication service, which is provided by the AUTHSVR server for default authentication and authorization. AUTHSVR is configured by the administrator to validate the per-user authentication information with client and usernames, indicating whether the client program is allowed to join the ATMI application.

• Joining the ATMI Application

• Writing Clients in Programming BEA Tuxedo ATMI Applications Using C and Programming BEA Tuxedo ATMI Applications Using COBOL

• tpinit(3c) and tpchkauth(3c) in the BEA Tuxedo ATMI C Function Reference

• TPINITIALIZE(3cbl) and TPCHKAUTH(3cbl) in the BEA Tuxedo ATMI COBOL Function Reference

• Default Authentication and Authorization

• Programming an ATMI Application with Security