UCMD_ACCESS - UCMD UACL Entry
Description
A UCMD_ACCESS UACL entry either allows or denies access to Universal Command Server services.
If access is permitted, UCMD_ACCESS also specifies whether or not user authentication is required.
There are two forms of the UCMD_ACCESS entry, based on the client identification method:
ucmd_access is for IP-based client identification.
ucmd_cert_access is for X.509 certificate-based client identification.
A ucmd_access UACL entry is matched if all of the following occur:
Request comes from an IP address identified by host.
Remote end is executing as user remote_user.
Remote user is requesting to execute a command as local user local_user.
A ucmd_cert_access UACL entry is matched if both of the following occur:
Request comes from a client with a certificate identifier of certid.
Remote user is requesting to execute a command as local user local_user.
The first matching rule is used to control access.
See UACL Entries for details on host, remote_user, local_user, and certid specification syntax.
Usage
Method | Syntax | IBM i | UNIX | Windows | z/OS |
UACL File Keyword | ucmd_access host,remote_user,local_user,access,auth |
|
|
|
|
UACL File Keyword | ucmd_cert_access certid,local_user,access,auth |
|
|
|
|
Values
Valid values for access are:
deny
Service is denied. A message is returned to the remote end. The connection is closed.allow
Service is accepted and processed.
Valid values for auth are:
auth
Local user account must be authenticated. The Manager must provide a proper password for the account.noauth
Local user account does not require user authentication. The Manager still must supply a password to satisfy command syntax rules, but it will not be verified. Any password value will suffice.