Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Description

A UDM_ACCESS UACL entry either allows or denies access to Universal Data Mover Server services.

If access is permitted, UDM_ACCESS also specifies whether or not user authentication is required.

There are two forms of the UDM_ACCESS entry based on the client identification method:

  • udm_access form is for IP-based client identification.
  • udm_cert_access is for X.509 certificate-based client identification.

A udm_access UACL entry is matched if all of the following occur:

  • Request comes from an IP address identified by host.
  • Remote end is executing as user remote_user.
  • Remote user is requesting to execute a command as local user local_user.

A udm_cert_access UACL entry is matched if both of the following occur:

  • Request comes from a client with a certificate identifier of certid.
  • Remote user is requesting to execute a command as local user local_user.

The first matching rule is used to control access.

See UACL Entries for details on host, remote_user, and local_user specification syntax.

Usage

Method

Syntax

IBM i

UNIX

Windows

z/OS

UACL File Keyword

udm_access host,remote_user,local_user,access,auth

udm_cert_access certid,local_user,access,auth

(tick)

(tick)

(tick)

(tick)

Values

Valid values for access are:

  • deny
    Service is denied. A message is returned to the remote end. The connection is closed.
  • allow
    Service is accepted and processed.


Valid values for auth are:

  • auth
    Local user account must be authenticated. The Manager must provide a proper password for the account.
  • noauth
    Local user account does not require user authentication.

Note

noauth should be used with care. Turning off user authentication may violate your local security policies on the Server system.

  • No labels