ARTTCP supports three types of Tuxedo security mechanisms: application password (APP_PW), user-level authentication (USER_AUTH), and access control list (ACL and MANDATORY_ACL).The user-level authentication security mechanism requires that in addition to the application password, each client must provide a valid username and password to join the Tuxedo ATMI application. The per-user password must match the password associated with the user name stored in a file named tpusr. Client name is not used. The checking of per-user password against the password and user name in tpusr is carried out by the Tuxedo authentication service AUTHSVC, which is provided by the Tuxedo authentication server AUTHSVR. For more information on how to configure Tuxedo user-level authentication, please refer to Tuxedo documentation.When Tuxedo security is enabled, a default security profile, which includes the default USER_AUTH username and password and/or the APP_PW password,, is required to allow users to join the Tuxedo domain before calling the CESN service. A security profile generator tool is introduced to generate the default security profile. Please refer to Security Profile Generator for details.In the case of APP_PW, the Tuxedo application password must be created in Tuxedo configuration.In the case of USER_AUTH, the Tuxedo application password, a Tuxedo username and password must be created in the Tuxedo configuration.In both cases, the password (and username for USER_AUTH) must be specified in the default security profile file that is specified in the command line option (-p profile-name) of theTuxedo ARTTCPL server. The password (and username for USER_AUTH) will be used as parameters of tpinit() when ARTTCP server joins Tuxedo.CICS Runtime offers a security framework which allows a customer to choose integration with an external security manager. The Tuxedo application key (appkey) is used as the credential to be passed to an external security manager. The appkey is 32 bits long, Tuxedo user identifier is in the low order 17 bits and the Tuxedo group identifier is in the next 14 bits (the high order bit is reserved for administrative keys). For more information, please refer to Tuxedo documentation.Listing 8‑1 COBOL CICS Resource Authorization Interface
The name of the profile file to use for autthentification; this file must have been created with genappprofile. When not provided it defaults to ~/.TDappProfile.When Tuxedo security is enabled, a default security profile, which includes the APP_PW password and the default USER_AUTH username and password, is required to allow the user to join the Tuxedo domain before calling the CESN service.genappprofile — Security Profile Generator