SNAP-IX APPC Programmer's Guide - 2.8 Overview of Conversation Security

2.8 Overview of Conversation Security

You can use conversation security to require that the invoking TP provide a user ID and password before APPC allocates a conversation with the invoked TP.

In configuring the invoked TP, the System Administrator indicates whether to use conversation security. If so, the invoking TP must supply a combination of user_id and password as parameters of the [MC_]ALLOCATE verb. These parameters must match one of the combinations of user_id and password parameters established during configuration.

An invoked TP that in turn invokes another TP is a special case (see Concepts). Assume that TP A invokes TP B, which requires security information, and TP B in turn invokes TP C, which also requires security information. Through the [MC_]ALLOCATE verb, TP B can specify that conversation security has already been verified. In this case, APPC takes the user ID that was supplied by TP A to TP B, and sends this user ID to TP C with an already verified indication; TP C does not need to check the password.

In some cases, a TP may need to indicate already verified security when it has not itself been invoked by another TP, but has obtained and verified the appropriate security information by another means (for example, by a user entering a user ID and password during a logon sequence). SNAP-IX supports this as follows:

If the TP specifying already verified was itself invoked by another TP that specified a user ID and password, APPC sends this user ID.
Otherwise, APPC takes the Solaris user name with which the TP is running, truncated to 10 characters if necessary, and uses this as the conversation security user ID. Ensure that this name consists of valid AE-string characters and is a valid user name for the TP being invoked.
If the application uses a different method of obtaining the security information (for example, if it requires the user to specify a user ID and password explicitly, rather than relying on the Solaris system security), then it can use the SET_TP_PROPERTIES verb to specify this user_id to APPC before issuing the [MC_]ALLOCATE verb.

SNAP-IX also supports LU-LU session security, which provides security checking when starting the session between the local and remote APPC LUs. LU-LU session security is specified during configuration, and does not require any action in APPC programs. For more information, refer to the SNAP-IX Administration Guide.