z/OS Network File System Guide and Reference


Login installation-wide exit

SC23-6883-00

The exit routine can invoke a customized authorization facility. The server mainline code can be set to perform Security Authorization Facility (SAF) checking by specifying the security attribute in the attributes table.

If security(saf) or security(safexp) is specified in the attributes table and the exit routines exist, these exit routines get control first, and then SAF security checking gets control. If the exit routines fail the request, the entire request fails. If the exit routines process the request successfully, then the request is processed by the SAF checking. Similarly, if the SAF checking fails the request, the entire request fails.

If neither security(saf) nor security(safexp) is specified in the attributes table and the exit routine exists, this exit routine determines whether the request is successful or fails.

Figure 1 shows the logic flow that determines which login checking routines are used.

Figure 1. Determining which login checking routines are used
The login installation-wide exit has a parameter list which is passed from the server to the installation-wide exit. The login installation-wide exit can be invoked for any of the following conditions:
System initialization
Performed once during the initialization of the server; allows a Global Exit Block (GXB) to be obtained. The GXB address is always returned to the installation-wide exits (see GXB in Requirements of the login exit). If this request fails, both the login installation-wide exit and the file security installation-wide exit are marked as non-existent.
New user session
Performed when a unique combination of UNIX UID and Internet address is detected. The exit might obtain a User Exit Block (UXB) for use by later calls if the UXB does not exist.
Login
Performs user verification when a client tries to use an mvslogin command, a PCNFSD request, or an RPCSEC_GSS user session request (see User exit block (UXB)). The exit might obtain a User Exit Block for use by later calls if the UXB does not exist.
Logout
Performs cleanup when a client tries to use the mvslogout command or a timeout occurs. Timeout is the value specified in the logout attribute in the attributes table. On a logout, the UXB is released. Logout can also be initiated by the login request. For an RPCSEC_GSS request, logout is initiated only when a timeout occurs, because mvslogin/mvslogout is no longer required.
System termination
Occurs once during the termination of the server, and causes the Global Exit Block to be freed.
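
The login-checking flow and the exit conditions described above, as an added Python model (not IBM's code and not the exit's real parameter list) for reviewing how the exit and SAF results combine. Class, method and parameter names are hypothetical; that SAF alone decides when no exit is active is an assumption, and the case where neither check applies returns None because this page does not describe it.

```python
from dataclasses import dataclass, field

SAF_MODES = {"saf", "safexp"}  # security attribute values named on the page


@dataclass
class LoginChecker:
    """Toy model of the server's login checking (hypothetical names throughout)."""
    security: str                 # value of the security attribute
    exit_installed: bool          # a login exit routine exists
    exit_init_ok: bool = True     # outcome of the System initialization call
    uxb: dict = field(default_factory=dict)   # (uid, ip) -> User Exit Block

    def __post_init__(self):
        # A failed initialization call marks the exit as non-existent.
        self.exit_active = self.exit_installed and self.exit_init_ok

    def new_session(self, uid, ip):
        # New user session: a unique UID + Internet address may obtain a UXB.
        if self.exit_active:
            self.uxb.setdefault((uid, ip), {"uid": uid, "ip": ip})

    def login(self, exit_allows, saf_allows):
        """Return (allowed, checks_run). allowed is None when neither check
        applies. Assumption: with no active exit, SAF alone decides."""
        checks = []
        if self.exit_active:
            checks.append("exit")         # the exit gets control first
            if not exit_allows:
                return False, checks      # exit failure fails the whole request
        if self.security in SAF_MODES:
            checks.append("saf")          # then SAF; its failure is also final
            return saf_allows, checks
        return (True if checks else None), checks

    def logout(self, uid, ip):
        # Logout (mvslogout or timeout) releases the UXB.
        self.uxb.pop((uid, ip), None)


def decision_table():
    """Enumerate every combination so the composition can be reviewed."""
    rows = []
    for sec in ("saf", "safexp", "other"):   # "other" = any non-SAF value
        for installed, init_ok in ((True, True), (True, False), (False, True)):
            for ex in (True, False):
                for saf in (True, False):
                    c = LoginChecker(sec, installed, init_ok)
                    rows.append((sec, installed, init_ok, ex, saf, *c.login(ex, saf)))
    return rows
```

In this model, a failed initialization call removes the exit from the decision entirely, so a denial the exit would have issued never applies.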





Copyright IBM Corporation 1990, 2014