Security user exit

Content Manager OnDemand provides a user exit that allows you to implement your own user exit program to identify and authenticate users that log on to the system.

You can use the security user exit to authenticate a user's password by some means other than the one that is built into Content Manager OnDemand. For example, you might want to deny access to the system after a user makes three incorrect logon attempts, or you might want to enforce some sort of password uniqueness. You can also use the security user exit to allow users that are not already in the Content Manager OnDemand user database to access the system.

The security user exit allows you to augment the security-related processing of the following activities or events:
  • Logon
  • Change Password
  • Add User ID or Delete User ID by using the Content Manager OnDemand administrative functions
  • Access to a Content Manager OnDemand folder
  • Access to a Content Manager OnDemand application group

When driven for these activities, a user-written exit routine (or set of exit routines) can interact with some other security system to determine whether the given activity is to be allowed or disallowed.

The security user exit runs the ARSUSEC program when a user attempts to log on to the system. A sample C program is provided in the EXITS directory. To implement your own security user exit program, add your specific code to the sample provided (for example, you could call another program from the ARSUSEC program). See the ARSCSXIT.H file for information about functions, parameters, and return codes. Then compile the ARSUSEC program (a Makefile is provided), move or copy the executable program to the BIN directory, and restart the library server to begin using the security user exit program.
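
The lockout policy mentioned earlier (deny access after three incorrect logon attempts), sketched as a helper that exit code could call. This is an added example, not IBM's ARSUSEC sample and not the ARSCSXIT.H interface: `logon_decision`, the `decision` codes, the table sizes and the `password_ok` input (the verdict from your external security system) are all assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_USERS    64  /* assumption: small fixed in-memory table */
#define MAX_FAILURES 3   /* the page's example: deny after three bad logons */
#define UID_LEN      32  /* assumption: longest user ID that is tracked */

enum decision { LOGON_ALLOW, LOGON_DENY };  /* hypothetical, not ARSCSXIT.H codes */

struct entry { char uid[UID_LEN]; int failures; };
static struct entry table[MAX_USERS];
static int used;

static struct entry *find(const char *uid)
{
    for (int i = 0; i < used; i++)
        if (strcmp(table[i].uid, uid) == 0) return &table[i];
    return NULL;
}

/* password_ok: verdict of the external security system (1 = valid). */
enum decision logon_decision(const char *uid, int password_ok)
{
    if (uid == NULL || uid[0] == '\0' || strlen(uid) >= UID_LEN)
        return LOGON_DENY;                /* malformed ID: fail closed */
    struct entry *e = find(uid);
    if (e != NULL && e->failures >= MAX_FAILURES)
        return LOGON_DENY;                /* locked: a correct password is refused too */
    if (password_ok) {
        if (e != NULL) e->failures = 0;   /* success clears the failure streak */
        return LOGON_ALLOW;
    }
    if (e == NULL && used < MAX_USERS) {  /* start tracking on the first failure */
        e = &table[used++];
        strcpy(e->uid, uid);              /* safe: length checked above */
        e->failures = 0;
    }
    if (e != NULL) e->failures++;         /* table full: denied but not counted */
    return LOGON_DENY;
}

int main(void)
{
    const int attempts[] = { 0, 0, 0, 1 };  /* constructed: three bad, then good */
    for (int i = 0; i < 4; i++)
        printf("attempt %d -> %s\n", i + 1,
               logon_decision("alice", attempts[i]) == LOGON_ALLOW ? "allow" : "deny");
    return 0;
}
```

The counters here live in process memory, so they are lost on restart and stop tracking new IDs once the table fills. An exit used in production would persist them and count failures only for user IDs the external security system recognizes.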

Important: When you implement your own security user exit program, you bypass the logon verification processing that is built into the base Content Manager OnDemand product. IBM® advises caution when you bypass the Content Manager OnDemand user and password restrictions. The security of the system could easily be subverted by malicious or defective code. Only use code that you trust.