UCTL_ACCESS - UCTL UACL entry
Description
A UCTL_ACCESS UACL entry either allows or denies access to Universal Control Server services.
If access is permitted, UCTL_ACCESS also specifies whether or not user authentication is required.
There are two forms of the UCTL_ACCESS entry based on the client identification method:
- The uctl_access form is for IP-based client identification.
- The uctl_cert_access form is for X.509 certificate-based client identification.
A uctl_access UACL entry is matched if all of the following occur:
- Request comes from an IP address identified by host.
- Remote end is executing as user remote_user.
- Remote user is requesting to execute a command as local user local_user.
A uctl_cert_access UACL entry is matched if both of the following occur:
- Request comes from a client with a certificate identifier of certid.
- Remote user is requesting to execute a command as local user local_user.
The first matching rule is used to control access.
See Universal Access Control List (UACL) for details on host, remote_user, local_user, and certid specification syntax.
Usage
Method | Syntax | IBM i | UNIX | Windows | z/OS |
UACL File Keyword | uctl_access host,remote_user,local_user,access,auth | | | | |
UACL File Keyword | uctl_cert_access certid,local_user,access,auth | | | | |
Values
Valid values for access are:
- deny
Service is denied. A message is returned to the remote end. The connection is closed.
- allow
Service is accepted and processed.
Valid values for auth are:
- auth
Local user account must be authenticated. The Manager must provide a proper password for the account.
- noauth
User ID provided by the Manager does not have to match the user process being stopped.
IBM i, UNIX, z/OS
Additionally, noauth specifies that the local user account does not require user authentication. The Manager still must supply a password to satisfy command syntax rules, but it will not be verified. Any password value will suffice.
Windows
To set noauth via the Universal Configuration Manager, de-select Require matching local user account when you are adding or editing an Access ACL (uctl_access) entry.
Note
noauth should be used with care. Turning off user authentication may violate your local security policies on the Server system.
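The first-match rule and the noauth caveat above can be checked against a rule set before it is deployed. The following is an added example, not code from the product or its documentation: it parses entries in the keyword syntax shown under Usage, reports which entry decides a request, and lists entries that allow access without authentication. The sample entries are constructed, fnmatch-style `*` patterns stand in for the host, remote_user, local_user and certid specification syntax (which is defined on the UACL page, not here), and a request that matches no entry returns None because this page does not state the default.

```python
from fnmatch import fnmatchcase

# Constructed sample entries in the page's keyword syntax (not from a real system).
SAMPLE_UACL = """\
uctl_access 10.20.30.40,opsmgr,root,deny,auth
uctl_access 10.20.30.*,*,*,allow,noauth
uctl_access 10.20.30.50,batch,appsvc,deny,auth
uctl_cert_access ops-cert-01,appsvc,allow,auth
"""

FIELD_COUNT = {"uctl_access": 5, "uctl_cert_access": 4}

def parse(text):
    """Return entries in file order; order matters because the first match wins."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0] not in FIELD_COUNT:
            continue  # not a UCTL_ACCESS entry
        kw = parts[0]
        f = [x.strip() for x in parts[1].split(",")]
        if (len(f) != FIELD_COUNT[kw] or f[-2] not in ("allow", "deny")
                or f[-1] not in ("auth", "noauth")):
            raise ValueError(f"line {n}: malformed {kw} entry")
        entries.append({"line": n, "kw": kw, "ids": f[:-2],
                        "access": f[-2], "auth": f[-1]})
    return entries

def decide(entries, kw, *ids):
    """First entry of the given form whose identifier fields all match, else None.

    Assumption: '*' wildcards via fnmatch approximate the real spec syntax.
    """
    for e in entries:
        if e["kw"] == kw and all(fnmatchcase(v, p) for v, p in zip(ids, e["ids"])):
            return e
    return None

def audit_noauth(entries):
    """Line numbers of entries that grant access without verifying the password."""
    return [e["line"] for e in entries
            if e["access"] == "allow" and e["auth"] == "noauth"]

if __name__ == "__main__":
    rules = parse(SAMPLE_UACL)
    hit = decide(rules, "uctl_access", "10.20.30.50", "batch", "appsvc")
    print("decided by line", hit["line"], hit["access"], hit["auth"])
    print("allow,noauth entries on lines", audit_noauth(rules))
```

In the sample, the deny entry on line 3 never takes effect because the broader allow,noauth entry on line 2 matches first; placing specific deny entries ahead of broad allow entries avoids this.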