Got it. Thanks. Regards, Richard Schuh
> -----Original Message----- > From: The IBM z/VM Operating System > [mailto:[EMAIL PROTECTED] On Behalf Of Alan Altmark > Sent: Tuesday, July 01, 2008 4:13 PM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: RACF and MAINT > > On Tuesday, 07/01/2008 at 06:22 EDT, "Schuh, Richard" > <[EMAIL PROTECTED]> > wrote: > > I see. The way we use VM:Secure, nopass is granted through > the rules > > facility, so the ESM does handle the requests to XAUTOLOG a user. > > Since the requesting user's logon was authenticated by the ESM and > > there is a permitting rule that is also enforced by the > ESM, is that > > authorization, authentication, or perhaps half-authentication? In > > other words, does having to get past the ESM alter the status? > > The ESM is being called to authorize you for an XAUTOLOG > command that does not require authentication. When a rule > (policy) is applied to a subject > (user) or object (resource) or their interaction, that is > authorization. > Authentication requires one or more of: > - a secret that only you know (password) > - a widget that only you posess (RSA key id or private key) > - a biological feature that is unique to you (fingerprint, > retina pattern, voiceprint, DNA scan, brain wave patterns, ...) > > Alan Altmark > z/VM Development > IBM Endicott >
