USER_SECURITY - UCMD Server configuration option

Owned by Stonebranch (Deactivated)
Jan 31, 2024
2 min read

Description

The USER_SECURITY option specifies whether or not to user security and, if so, the security method.

  • If user security is activated, the UCMD Server logs the user onto the system, and the command is run with the user's identity.
  • If user security is not activated, the command runs with the same identity as the UCMD Server.

Usage

Method

Syntax

IBM i

UNIX

Windows

z/OS

Configuration File Keyword

security option

(tick)

(tick)

(tick)

(tick)

Manager Override

n/a





Values

option is the specification (and method) for activating user security.


IBM i

  • DEFAULT
    User-supplied user ID and password is authenticated against the user profile.

  • NONE
    No user security.
     

    Note

    If the UCMD Server runs with this option value, Stonebranch, Inc. highly recommends removing *ALLOBJ authority from the user profile UNVUBR520. Otherwise, all commands will execute with this authority.

UNIX

  • DEFAULT
    Use UNIX default user authentication method, */etc/passwd* or */etc/shadow*.
  • INHERIT
    Universal Command Server will inherit the user account of the broker which started it. The user's process is started with the same user ID as that inherited from the Broker.
  • NONE
    Universal Command Server will inherit the user account of the broker which started it. The user's process is started with the same user ID as that inherited from the Broker.
  • PAM
    Use the Pluggable Authentication Modules (PAM) interface to provide user authentication.
  • PAM_SESSIONS (Linux only)
    Processes Pluggable Authentication Modules (PAM) session modules in addition to account and authentication modules.
  • TRUSTED
    Use HP Trust Security authentication.

WARNING!

If PAM_SESSIONS is selected, the system requires that at least one session is configured for PAM. Without a properly configured PAM session module, Universal Command fails to start. Check system logs, including the authentication log, for failure information.

Windows

  • DEFAULT
    User\-supplied user ID and password is authenticated against the user profile.
  • INHERIT
    Universal Command Server will inherit the user account of the Broker which started it. The user's process is started with the same user ID as that inherited from the Broker.
  • NONE
    Universal Command Server will inherit the user account of the Broker which started it. The user's process is started with the same user ID as that inherited from the Broker.

z/OS

  • DEFAULT
    Use z/OS SAF user authentication method. The user ID must have an OMVS segment.
  • INHERIT
    Universal Command Server will inherit the user account of the broker which started it. The user's process is started with the same user ID as that inherited from the Broker.
  • NONE
    Universal Command Server will inherit the user account of the broker which started it. The user's process is started with the same user ID as that inherited from the Broker.

Note

For UNIX, Windows, and z/OS: The INHERIT value replaces the NONE value. There currently are no plans to deprecate support for NONE, but new installs should use INHERIT instead of NONE.

Default Values

DEFAULTAIX, HP-UX, Windows, z/OS
PAMLinux, Solaris