*REGFAC authentication method

The primary purpose of the *REGFAC authentication method is to facilitate additional authentication requirements.

The *REGFAC authentication method calls the exit program registered under exit point QIBM_QSY_AUTH during authentication processing. Refer to Additional Authentication Exit Program. The exit program is called only after a successful authentication; it is not called if the authentication fails.

The exit program has sole responsibility for performing the additional authentication. If the exit program does not actually verify anything and *REGFAC is the only authentication method, the result is not MFA protection. The administrator should take great care in monitoring the validity of the registered exit program.

Traditionally, authentication is thought of as verifying a password, but this exit program is called in more cases, for instance when the password is a special value.

Authentications using Kerberos and SSH, which do not require a password or TOTP value, will indirectly call the exit program via the interface used to associate a user profile with the Kerberos or SSH authentication.

The operating system gives the exit program information associated with the authentication. The exit program then has the ability to verify the information and return a value to the operating system that causes the authentication to pass or fail.

The *REGFAC authentication method can be used along with the *TOTP authentication method or independently. If used independently, the value entered into the additional factor field is passed to the exit program, which can use it to perform additional verification. If used along with the *TOTP authentication method, the additional factor field passed to the exit program is blank.
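The call flow described above, as an added model in Python (not IBM i code, and not the real QIBM_QSY_AUTH exit-program interface, whose parameter format this page does not show): the exit program runs only after a successful authentication, receives a blank additional factor when *TOTP is also enabled, and provides no MFA when it verifies nothing. The AuthInfo shape, the per-user secrets and the keyed-hash factor are assumptions of the model.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class AuthInfo:
    """Assumed shape of what the OS hands the exit program (model only)."""
    user: str
    additional_factor: str   # blank when *TOTP is also in use
    totp_used: bool


# Constructed per-user secrets for the model exit program.
FACTOR_SECRETS = {"ALICE": b"alice-secret"}


def factor_for(user: str) -> str:
    """Value a user of this model is expected to enter as the additional factor."""
    return hmac.new(FACTOR_SECRETS[user], user.encode(), hashlib.sha256).hexdigest()[:8]


def exit_verifies_factor(info: AuthInfo) -> bool:
    """Model exit program that actually performs additional verification."""
    if info.user not in FACTOR_SECRETS or not info.additional_factor:
        return False             # blank factor (the *TOTP case) cannot pass here
    return hmac.compare_digest(factor_for(info.user), info.additional_factor)


def exit_permissive(info: AuthInfo) -> bool:
    """Model exit program that verifies nothing: with *REGFAC alone this is not MFA."""
    return True


def authenticate(user, password_ok, totp_ok, factor, methods, exit_program, calls):
    """Model of the OS-side flow. password_ok/totp_ok stand in for the real
    checks. The exit program runs only after the password (and *TOTP, when
    enabled) succeeded; with *TOTP in the method list the additional factor
    field it receives is blank. Appends each exit call to calls."""
    if not password_ok:
        return False             # exit program is not called on failure
    totp = "*TOTP" in methods
    if totp and not totp_ok:
        return False
    if "*REGFAC" not in methods:
        return True
    info = AuthInfo(user, "" if totp else factor, totp)
    calls.append(info)
    return exit_program(info)
```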

The exit program is called for these actions:
  • Sign-on
  • Get Profile Handle API calls
    • The Set Profile Handle API calls use the profile handle. However, the authentication only happens on the get call. If the exit program allows the handle to be created, then the set using it will be allowed.
  • Generate Profile Token API calls
    • The Set to Profile Token API calls use the profile token. However, the authentication happens on the generate call. If the exit program allows the token to be created, then the set using the token is allowed provided the enhanced profile token information matches on the generate and set.
  • NetServer remote file access
Table 1. Interfaces with additional information parameters

  Original API               API with additional information parameters
  QSYGETPH                   QSYGETPH, with all optional parameters
  QsyGetProfileHandle        QsyGetProfileHandle2
  QsyGetProfileHandleNoPwd   QsyGetProfileHandleNoPwd2
  QSYGENPT                   QSYGENPT, with all optional parameters
  QsyGenPrfTkn               QsyGenPrfTkn2
  QsyGenPrfTknE              QsyGenPrfTknE2