Overview

The Content Manager OnDemand unified login exit (ARS.PTGN) enables a user to run the Content Manager OnDemand command line utilities (such as ARSLOAD) without specifying a user ID and password. This facility to log on without specifying a password uses the ability to specify a PassTicket as a password when using a RACROUTE REQUEST=VERIFY call. The following figure shows an overview of the unified login exit.
Figure 1. Overview of the unified login exit

The unified login exit is implemented as follows:

  1. When a user runs a command line utility, if the login exit is enabled and the user does not specify a Content Manager OnDemand user ID and password, the current user ID that is returned by UNIX System Services (USS) is used to log on to Content Manager OnDemand.
  2. Because the function to generate a PassTicket is not a part of the SAF interface, Content Manager OnDemand implements the call to generate the PassTicket as an MVS™ dynamic exit. The dynamic exit facility calls the ARS.PTGN login exit routine. Content Manager OnDemand provides a sample exit, ARSPTGN.
  3. The ARSPTGN sample exit generates a PassTicket in the RACF® environment and returns the PassTicket to the command line utility. Installations that use another external security product need to evaluate the supplied exit and possibly modify the exit for their environment.
  4. The utility sends the PassTicket to the server when the utility attempts to log on to Content Manager OnDemand.
  5. The PassTicket is used by the Content Manager OnDemand server to do a SAF RACROUTE REQUEST=VERIFY call from RACF for the user ID. The result that is returned from the SAF call is used to determine whether the user is allowed access to the system. If the SAF call succeeds, the user is logged on to the Content Manager OnDemand server and the required function is performed. If the SAF call fails, the user is prompted for a user ID and password.
Tip: To enable PassTickets in a security manager such as RACF, you must do the following steps:
  • Activate the PTKTDATA class.
  • Define a secured sign-on application key for each application.
  • Issue the SETROPTS RACLIST(PTKTDATA) command.
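The three steps in the tip, written out as RACF TSO commands. This is an added example, not part of the original page or of the product's own setup instructions. `<applname>` and `<16-hex-digit-key>` are placeholders: the page does not state the application name that Content Manager OnDemand uses, so take it from your installation's documentation.

```text
  /* 1. Activate the PTKTDATA class                                  */
SETROPTS CLASSACT(PTKTDATA)

  /* 2. Define the secured sign-on application key for the           */
  /*    application. <applname> and the key value are placeholders.  */
  /*    KEYMASKED stores the key masked in the RACF database;        */
  /*    KEYENCRYPTED can be used instead where a cryptographic       */
  /*    product is available. UACC(NONE) keeps the profile closed.   */
RDEFINE PTKTDATA <applname> SSIGNON(KEYMASKED(<16-hex-digit-key>)) UACC(NONE)

  /* 3. Load the PTKTDATA profiles into storage                      */
SETROPTS RACLIST(PTKTDATA)

  /* After any later change to a PTKTDATA profile, refresh the       */
  /* in-storage copy so that the change takes effect                 */
SETROPTS RACLIST(PTKTDATA) REFRESH

  /* Check the result: shows the key protection method for the       */
  /* profile, not the key value                                      */
RLIST PTKTDATA <applname> SSIGNON
```

The key is a shared secret that both PassTicket generation and the RACROUTE REQUEST=VERIFY evaluation depend on, so generate it randomly per application and restrict who can define or alter PTKTDATA profiles.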