Implementing distributed access at remote locations

To enable distributed access to sensitive employee data, the Spiffy security plan requires certain security measures to be implemented at the remote locations.

About this task

The following actions must occur at the remote locations to enable distributed access for the Spiffy security plan:

  • For SNA connections, the Spiffy security planners must include an entry in table SYSIBM.LUNAMES for the LU name of the central location. The entry must specify an outbound ID translation for attachment requests to that location.
    For example, the following table shows an entry in SYSIBM.LUNAMES for LUCENTRAL.
    Table 1. The SYSIBM.LUNAMES table at the remote location
    LUNAME     USERNAMES  SECURITY_OUT
    LUCENTRAL  O          P
    The value of O for USERNAMES indicates that translation checking is performed on outbound IDs, but not on inbound IDs. The value of P for SECURITY_OUT indicates that outbound connection requests contain a user password and a RACF® PassTicket.
  • For TCP/IP connections, the Spiffy security planners must include an entry in table SYSIBM.IPNAMES for the LU name that is used by the central location. The content of the LUNAME column is used to generate RACF PassTickets. The entry must specify outbound ID translation for requests to that location.
    For example, the following table shows an entry in SYSIBM.IPNAMES for LUCENTRAL.
    Table 2. The SYSIBM.IPNAMES table at the remote location
    LINKNAME   USERNAMES  SECURITY_OUT  IPADDR
    LUCENTRAL             R             central.vnet.ibm.com
  • The Spiffy security planners must include entries in table SYSIBM.USERNAMES to translate outbound IDs.
    For example, the following table shows two entries in SYSIBM.USERNAMES.
    Table 3. The SYSIBM.USERNAMES table at the remote location
    TYPE  AUTHID   LINKNAME   NEWAUTHID
    O     MEL1234  LUCENTRAL  MGRD11
    O     blank    LUCENTRAL  CLERK
    MEL1234 is translated to MGRD11 before it is sent to the LU that is specified in the LINKNAME column. All other IDs are translated to CLERK before they are sent to that LU.
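The translation that Table 3 describes, modelled as an added Python example (not IBM's code and not part of the original page) so that the effective outbound ID for any local ID can be reviewed before rows are relied on. The function names and the LUOTHER row are constructed for illustration; the model covers only what this page states: a row naming the ID applies, otherwise the blank-AUTHID row for the same LINKNAME applies.

```python
from typing import Dict, Iterable, NamedTuple, Optional


class UsernamesRow(NamedTuple):
    type: str       # 'O' marks an outbound translation row
    authid: str     # blank means "any ID not listed by name"
    linkname: str   # the LU the translated ID is sent to
    newauthid: str  # the ID that is actually sent


# The two rows of Table 3, plus one constructed row for a second link
# (LUOTHER is hypothetical) to show that rows are scoped by LINKNAME.
ROWS = [
    UsernamesRow("O", "MEL1234", "LUCENTRAL", "MGRD11"),
    UsernamesRow("O", "", "LUCENTRAL", "CLERK"),
    UsernamesRow("O", "MEL1234", "LUOTHER", "GUEST"),  # constructed
]


def translate_outbound(rows: Iterable[UsernamesRow], authid: str,
                       linkname: str) -> Optional[str]:
    """Return the ID sent to `linkname` for local `authid`, or None if no row applies."""
    authid, linkname = authid.strip(), linkname.strip()
    fallback = None
    for row in rows:
        if row.type != "O" or row.linkname.strip() != linkname:
            continue
        row_id = row.authid.strip()  # blank columns may be stored as spaces
        if row_id == authid:
            return row.newauthid     # a row naming the ID applies
        if row_id == "" and fallback is None:
            fallback = row.newauthid  # blank-AUTHID row covers all other IDs
    return fallback


def catch_all_links(rows: Iterable[UsernamesRow]) -> Dict[str, str]:
    """Map each link to the shared ID that every unlisted local ID is sent as."""
    return {r.linkname.strip(): r.newauthid
            for r in rows if r.type == "O" and not r.authid.strip()}


if __name__ == "__main__":
    for user in ("MEL1234", "JOE99"):  # JOE99 is a constructed sample ID
        print(user, "->", translate_outbound(ROWS, user, "LUCENTRAL"))
    print("catch-all rows:", catch_all_links(ROWS))
```

Reviewing the output of `catch_all_links` is a quick way to confirm that a blank-AUTHID row maps unlisted IDs to a low-privilege ID such as CLERK rather than to a manager ID.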
Exception: For a product other than Db2 for z/OS®, the actions at the remote location might be different. If you use a different product, check the documentation for that product. The remote product must satisfy the requirements that are imposed by the central subsystem.