Unauthorized services used by the SAF registry
The System Authorization Facility (SAF) registry uses a number of unauthorized services from the C environment provided by LE (Language Environment®).
Presented here is a table that lists the unauthorized services from LE C that the SAF
registry uses, and provides links to additional information in the z/OS® V2R1 documentation. These services are subject to BPX.DAEMON restrictions. These
restrictions detailed in the documentation that are linked to from the service calls associated with
each method that is listed in the table.
| Method | Link to further information |
|---|---|
|
Verify/Change User Password |
|
Reset Group Database to First Entry |
|
Get Group Database Entry |
|
Get Group Database Entry Functions |
|
Get Supplementary Group IDs by User Name |
|
Get Supplementary Group IDs by User Name |
|
Access the Group Database by ID |
|
Reset User Database Search |
|
Get User Database Entry |
|
User Database Functions |
|
Search Group Database for a Name |
|
Search User Database for a Name |
|
Register/Deregister/Authenticate a Digital Certificate |
Note: If the Liberty server is configured to
use SAF authorized services (see Activating and configuring the SAF registry on z/OS), then the following unauthorized services are not used:
checkPassword: __passwd_applidisValidGroup: getgrnam_risValidUser: getpwnam_rmapCertificate: __certificate
initACEE authorized SAF service . For the
isValidGroup method, the Liberty server uses the RACROUTE
EXTRACT macro.
Unless the server is configured to use an
Angel for security authentication operations, UserRegistry,
isValidUser, and isValidGroup methods return
false for user or group names that are created without an OMVS segment.