Implementing distributed access at the central server

To enable distributed access to sensitive employee data, the Spiffy security plan requires certain security measures to be implemented at the central server location.

About this task

The following actions must occur at the central server location:

  • The central Db2 subsystem must authenticate every incoming ID with RACF®.
  • For SNA connections, the Spiffy security planners must include an entry in table SYSIBM.LUNAMES in the CDB for every remote location; the LUNAME column of each entry identifies the LU name of that location. Each entry must specify that connections must be verified.
    Example: The following table shows an entry in SYSIBM.LUNAMES for LUREMOTE.
    Table 1. The SYSIBM.LUNAMES table at the central location

    LUNAME     USERNAMES   SECURITY_IN   ENCRYPTPSWDS
    LUREMOTE   blank       V             N

    The value of V for SECURITY_IN indicates that incoming remote connections must include verification. The value of N for ENCRYPTPSWDS indicates that passwords are not in internal RACF encrypted format.

    The security plan treats all remote locations alike, so it does not require encrypted passwords. The option to require encrypted passwords is available only between two Db2 subsystems that use SNA connections.

  • For TCP/IP connections, the Spiffy security planners must set the TCP/IP ALREADY VERIFIED field of installation panel DSNTIP5 to NO. This setting ensures that the incoming requests that use TCP/IP are not accepted without authentication.
  • The Spiffy security planners must grant all privileges and authorities that are required by the manager of Department D11 to the ID, MGRD11. The security planners must grant similar privileges to IDs that correspond to the remaining managers.
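
The SNA requirement above, expressed as SQL against the CDB. This is an added example, not part of the original Spiffy plan: the INSERT uses only the columns and values shown in Table 1, and the audit query assumes that any SECURITY_IN value other than V counts as a finding under this plan.

```sql
-- Added example: register the remote LU from Table 1 at the central location.
--   USERNAMES    ' ' : blank, as in Table 1 (no ID translation)
--   SECURITY_IN  'V' : incoming connections must include verification
--   ENCRYPTPSWDS 'N' : passwords are not in internal RACF encrypted format
INSERT INTO SYSIBM.LUNAMES
       (LUNAME, USERNAMES, SECURITY_IN, ENCRYPTPSWDS)
VALUES ('LUREMOTE', ' ', 'V', 'N');

-- Audit (assumption: the plan allows no exceptions): list every row that
-- would let an SNA partner connect without verification. SECURITY_IN = 'A'
-- means the partner is trusted as already verified. A row whose LUNAME is
-- blank applies to LUs that are not listed individually, so it is labelled
-- separately because it affects every unlisted remote location.
SELECT CASE
         WHEN LUNAME = ' ' THEN '(default row for unlisted LUs)'
         ELSE LUNAME
       END           AS LU,
       SECURITY_IN,
       ENCRYPTPSWDS,
       USERNAMES
  FROM SYSIBM.LUNAMES
 WHERE SECURITY_IN <> 'V'
 ORDER BY LUNAME;
```

An empty result from the audit query means every SNA entry at the central location requires verification, which is the state the plan calls for.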