One thing we looked at was using CAS (from Yale University -- try
http://www.yale.edu/tp/auth/usingcasatyale.html). One of the things it
can use as an authentication back-end is an LDAP server so we were
thinking of trying it with the one that comes with z/OS.
We never got around to trying it (it is on our list of things to do when
we have time).
--Stephen
Paul Gilmartin wrote:
> On 07/16/09 16:35, Bob Bonhard wrote:
>> Thanks in advance for all/any advice, direction, samples, expertise
>> related to my question. I was approached by one of our distributed
>> application folks with a request that I believe should be very
>> possible to accommodate based on my experiences with zOS system
>> sftwr/hdwr, WAS, etc.
>> The app is web-based running on non-zOS platform. They would like to
>> be able to connect to the mainframe to authenticate a RACF
>> ID/password; if the ID and password are OK, continue with the app
>> (possibly return a RC=0 or any other "OK"); if ID unknown, pswd
>> wrong, pswd revoked or expired, provide a non-zero return code or
>> "not OK" msg with explicit reason, even routing user to a web page
>> where they can update an expiring password, correct an invalid
>> password. I'm hoping to find something that is *easy* and *cheap* to
>> implement ("free" being the key word), and generic enough to be used
>> by any subsequent apps. I figure there has to be an easy way to do
>> this but I don't know what that way is, whether a direct call to RACF
>> or USS, some kind of non-html call to the IBM HTTP server,
>> WebSphereAS, MQ ... something simple and free.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
