The TMA TCP product supports a security feature that allows a requester from Oracle Tuxedo services to pass a user ID requirement through the OTMA or CICS server interfaces for verification through a third-party security package.
Note: The security feature on Tuxedo Mainframe Adapter for TCP (IMS) (hereafter referenced as TMA TCP for IMS) runs as an OTMA client only.
Figure 3-1 depicts the process flow for security verifications from TMA TCP Gateway on UNIX to a mainframe.
tpusr file), group (reviewing the tpgrp file), and ACL (reviewing the tpacl file). If all three pass, the transaction request processes. If any one of the three is rejected, the transaction request stops and a security violation occurs.
Note: The user IDs in these files must match in the Tuxedo and the mainframe environments or a security violation occurs.
Figure 3-2 depicts the process flow for security verifications from a mainframe to TMA TCP Gateway on UNIX.
appkey to obtain the user and group numbers. Verify the user name against the security system. If the user name is valid and the user has the authority to run the transaction, the transaction request is accepted. If the user name is not valid, the request is rejected and a security violation occurs.
The TMA TCP for IMS product has an OTMA interface that supports enhanced security. This interface allows a requester from Oracle Tuxedo services to pass a user ID through the OTMA server interface for authorization through your security package.
Complete the following tasks to enable the connection security feature.
Complete the following tasks to enable the service security feature.
OTMASECURITY=Y in the SYSTEM statement of your TMA TCP for IMS configuration file.
SECURITY parameter in SERVICE TYPE=LOCAL statement. For parameter information, refer to the Defining Local Services section.
/SEC OTMA PROFILE command in IMS to enable security checking on a service by service basis for the OTMA interface. Issue the /SEC OTMA FULL command in IMS to enable security checking on all services.
WARNING: If SECURITY=N in the SERVICE TYPE=LOCAL statement for any local service definition, issue /SEC OTMA PROFILE. A security failure results if you specify SECURITY=N and issue the /SEC OTMA FULL command.
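The condition in the WARNING above can be checked against the configuration before the IMS command is issued. The following is an added example, not part of the product or its documentation: it assumes a simplified layout in which a bare keyword opens a statement and KEY=VALUE parameters follow, and the NAME parameter and TYPE=REMOTE value are hypothetical placeholders, so adapt the parser to your actual configuration file syntax.

```python
import re

# Constructed sample. The keyword/KEY=VALUE layout, the NAME parameter and
# TYPE=REMOTE are assumptions; only OTMASECURITY, SECURITY and
# SERVICE TYPE=LOCAL come from the text above.
SAMPLE = """\
SYSTEM OTMASECURITY=Y
SERVICE TYPE=LOCAL NAME=PAYROLL SECURITY=Y
SERVICE TYPE=LOCAL NAME=ECHO SECURITY=N
SERVICE TYPE=LOCAL NAME=AUDIT
SERVICE TYPE=REMOTE NAME=TUXSVC
"""

def parse_statements(text):
    """Return [(keyword, {param: value})]; a bare word opens a statement."""
    statements = []
    for token in re.split(r"[,\s]+", text.strip()):
        if "=" in token and statements:
            key, value = token.split("=", 1)
            statements[-1][1][key.upper()] = value
        elif re.fullmatch(r"[A-Za-z]+", token):
            statements.append((token.upper(), {}))
    return statements

def check_service_security(text, sec_otma_mode):
    """List conflicts between the configuration and /SEC OTMA PROFILE|FULL."""
    mode = sec_otma_mode.upper()
    if mode not in ("PROFILE", "FULL"):
        raise ValueError("mode must be PROFILE or FULL")
    findings = []
    statements = parse_statements(text)
    if not any(k == "SYSTEM" and p.get("OTMASECURITY", "").upper() == "Y"
               for k, p in statements):
        findings.append("SYSTEM statement does not set OTMASECURITY=Y")
    for keyword, params in statements:
        if keyword != "SERVICE" or params.get("TYPE", "").upper() != "LOCAL":
            continue
        name = params.get("NAME", "<unnamed>")
        security = params.get("SECURITY")
        if security is None:
            # The page does not state a default, so report instead of guessing.
            findings.append(f"{name}: SECURITY not specified")
        elif security.upper() == "N" and mode == "FULL":
            findings.append(f"{name}: SECURITY=N fails under /SEC OTMA FULL; "
                            "issue /SEC OTMA PROFILE")
    return findings

if __name__ == "__main__":
    for mode in ("PROFILE", "FULL"):
        print(mode, check_service_security(SAMPLE, mode))
```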