IMS Connect security support
IMS Connect includes a variety of options for implementing and modifying the security checking performed on messages as they arrive in IMS Connect and, for IMS TM connections, as they arrive at the data store.
For connections to IMS TM, IMS Connect provides two options for checking security within IMS Connect: you can configure IMS Connect to call RACF® directly or you can have the IMS Connect user message exit routines call a Security user exit routine.
For connections to IMS DB, the IMS Connect DB Security user exit routine (HWSAUTH0) authenticates the user and you can use RACF as well. For connections to IMS DB, IMS Connect does not check the authority of the user to perform any action, but can pass a RACO token to the CSL Open Database Manager for the purposes of authorization.
For connections to IMS Operations Manager (OM) for command requests, you can configure IMS Connect to call RACF and use RACF PassTickets for user authentication.
For connections to remote instances of IMS Connect that support IMS-to-IMS TCP/IP communications, IMS Connect supports RACF PassTickets and the establishment of trusted user connection status.
- Password management support
- Trusted-user classification for messages arriving at the data store
- OTMA accessor environment element (ACEE) timeout specification support
For connections from clients
connecting to IMS DB:- Secure Sockets Layer (SSL) support. To use SSL to secure connections from clients connecting to IMS DB, you can use IBM® z/OS® Communications Server Application Transparent Transport Layer Security feature (AT-TLS).
- Support for RACF PassTickets.
- For IMS TM clients, IMS Connect provides support for RACF PassTickets.
- Support for passing to and from IMS the security credentials, including the network user ID and network session ID, that are entered by a user in a distributed environment.