On 07/16/09 16:35, Bob Bonhard wrote:
Thanks in advance for all/any advice, direction, samples, expertise related to my question. I was approached by one of our distributed application folks with a request that I believe should be very possible to accommodate based on my
experiences with zOS system sftwr/hdwr, WAS, etc.
The app is web-based running on non-zOS platform. They would like to be able to connect to the mainframe to authenticate a RACF ID/password; if the ID and password are OK, continue with the app (possibly return a RC=0 or any other "OK"); if ID unknown, pswd wrong, pswd revoked or expired, provide a non-zero return code or "not OK" msg with explicit reason, even routing user to a web page where they can update an expiring password, correct an invalid password. I'm hoping to find something that is *easy* and *cheap* to implement ("free" being the key word), and generic enough to be used by any subsequent apps. I figure there has to be an easy way to do this but I don't know what that way is, whether a direct call to RACF or USS, some kind of non-html call to the IBM HTTP server, WebSphereAS, MQ ... something simple and free.
I'm thinking of something such as:
ssh u...@mvs "true"
... assuming MVS is running SSHD. This has the advantage of
encrypting the password. But ssh client attempts to read the
password from /dev/tty. This would probably work if issued
from a PTY, but this is wandering away from "simple".
-- gil
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
