1. Mainframe Adapter for SNA User’s Guide
  2. Providing Security
  3. Mapping User IDs
  4. Setting Security Scenario
  5. Configuring Security in the ATMI Domain

5.2.5.1 Configuring Security in the ATMI Domain

  1. Edit the UBBCONFIG file.
    1. In the RESOURCES section, add SECURITY USER_AUTH.
    2. In the SERVERS section, add the AUTHSVR server.

    Note:

    SECURITY USER_AUTH level implies that application passwords, user IDs, and user passwords are required to join the application. AUTHSVR is the ATMI-supplied authentication server. It advertises the service AUTHSVC.
  2. Enter the tmloadcf command to load the ATMI configuration, for example: 
    tmloadcf -y ubbconfig.sna
  3. Set the application password. (The tmloadcf command prompts for the application password.)
  4. Add users to the ATMI domain by using the tpusradd command. The command prompts for each password, for example: tpusradd me

    (Enter password for me.)

    Note:

    Do not use the command tpaddusr.
  5. Modify the ATMI client to specify security parameters in the tpinit call. the following isting 4‑1 is an example of the code to do this.

    Listing Security Parameters Added to tpinit Call 

        TPINIT *tpinitbuf;
    char passwd[30];
    int security_level;
/* Initialize security parameters */
    if ((tpinitbuf = (TPINIT *) tpalloc("TPINIT", NULL,
    TPINITNEED(sizeof(passwd)))) == NULL)    
    {
        userlog("tpalloc tpinit failed %s \n", tpstrerror(tperrno));
        exit(1);    
    }
    strcpy(tpinitbuf->usrname,"");
    strcpy(tpinitbuf->cltname,"");
    strcpy(tpinitbuf->passwd,"");
    strcpy(tpinitbuf->grpname,"");

/* Determine level of enforced security */
    security_level = tpchkauth();

    if ((security_level == TPSYSAUTH) || (security_level ==
    TPAPPAUTH))
    {
        fprintf(stdout,"\nApplication passwd required.");
        fprintf(stdout,"\nApplication passwd:");
    gets(tpinitbuf->passwd);
}
if (security_level == TPAPPAUTH)
{
    fprintf(stdout,"\nUser Name required.");
    fprintf(stdout,"\nUser Name:");
    gets(tpinitbuf->usrname);
    fprintf(stdout,"\nUser Password required.");
    fprintf(stdout,"\nUser Password:");
    gets(passwd);
    strcpy(&tpinitbuf->data,passwd);
    tpinitbuf->datalen=strlen(passwd);
}
if (tpinit(tpinitbuf) == -1)
{
    userlog("TPINIT %s \n", tpstrerror(tperrno));
    exit(1);
}
  6. Verify security in the ATMI domain by running the client.
  7. Enter the dmloadcf command to load the domain configuration. For example: 
    dmloadcf -y dmconfig.sna
  8. Enter the tmboot command to boot the ATMI domain, for example: tmboot -y
  9. Configure security for the SNA domain by editing the DMCONFIG file.
    1. In the DM_LOCAL_DOMAINS section, add the parameter: SECURITY=DM_USER_PW
    2. In the DM_SNALINKS section, add the parameter for the remote link: SECURITY=VERIFY
  10. Add the user name mapping for the remote domain by invoking dmadmin and using the addumap command to map local user IDs to remote user IDs. For example: 
    dmadmin 
>addumap -d myldom -R myrdom -p localme -u REMOTEME
  11. Add a password for remote user IDs for the remote domain by invoking dmadmin and using the addusr command to provide remote password(s). For example:
    dmadmin 
>addusr -d myldom -R myrdom -u REMOTEME

    (The system responds with the following prompts: 

    ERROR: Enter Remote User's Password:
ERROR: Re-enter Remote User's Password:)

Parent topic: Setting Security Scenario