On Friday, 09/17/2010 at 01:50 EDT, Michel Beaulieu 
<beaulieumic...@live.ca> wrote:
> We are not using an External Security Manager(no ESM).
>  
> I am trying to see if it is possible to do the following: 
>  
>  
> 1. Logon to CMS with userid 'A'
> 2. (Get userid 'B' and password through some authorized method)
> 3. Using the telnet command (in transparent mode), automatically log in to userid 'B'.
> 4. (Do some work with userid 'B' interacting with the physical person)
> 5. Logoff userid 'B' and return control to userid 'A'
>  
> I could probably achieve what I want by programming using Logical Device and doing the logon in my code.
> Then I have to manage all the 3270 conversation from beginning to end.
>  
> I am just wondering if such a solution already exists.
>  
> I would hate to re-invent something like that.

You've gotten lots of ideas from people about SVMs that can do work on 
your behalf.  But what you *won't* get with that paradigm is the concept 
that you are acting as "User B".  SVMs are privileged and they can be 
programmed to do different things for different people, but it is always a 
client-server model.  You make a request; it acts with its own 
privileges.  At no time does the SVM actually *become* User B so that the 
system will enforce User B's privileges on the SVM.  As others have 
said, this is a direct result of the fact that virtual machines are 
separate servers, not processes within a single server.

When tied into a real programming interface rather than a MSG/SMSG model, 
you can even get a reasonable facsimile of an interactive command session. 
 E.g. DOAS user2 this_command.  The SVM can see if you are authorized to 
act as user2 and whether or not user2 has access to this_command.  The 
more sophisticated the SVM, the more automated such things can be, and 
they can even integrate with ESMs.

Beware of step 2.  It will attract auditors like moths to a flame.  Any 
ability to extract another user's password is simply going to highlight 
that you are storing passwords in clear-text, which is a violation of most 
modern password security standards.  (Hence the need for an ESM.)

Alan Altmark

z/VM and Linux on System z Consultant
IBM System Lab Services and Training 
ibm.com/systems/services/labservices 
office: 607.429.3323
alan_altm...@us.ibm.com
IBM Endicott

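The "DOAS user2 this_command" pattern from the reply above, as an added example that is not part of the original thread and is not z/VM, CMS or IBM code: a small Python model of a service virtual machine that receives a request from user A to run a command on behalf of user B, checks its own delegation table (may A act as B?) and B's command list (may B run this?), writes an audit record, and only then runs the command under the SVM's own authority. It never logs on as B, so it never needs B's password, which is the point of the warning about step 2. The user IDs, commands, tables and the "SVM runs the command" stand-in are all constructed for illustration; the only real-system fact used is that a VM user ID is at most 8 characters.

```python
"""Added example: a DOAS-style delegation check as an SVM would perform it.

Hypothetical model, not z/VM code. The SVM owns two tables (who may act
as whom, and what each target may run), audits every decision, and runs
the command itself. It never becomes the target and needs no password.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed: which requesters may act on behalf of which target users.
DELEGATIONS: Dict[str, Set[str]] = {
    "USERA": {"USERB"},
    "OPER1": {"USERB", "USERC"},
}

# Constructed: which commands each target user is permitted to run.
COMMAND_ACL: Dict[str, Set[str]] = {
    "USERB": {"LISTFILE", "QUERY"},
    "USERC": {"QUERY"},
}


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class AuditRecord:
    requester: str
    target: str
    command: str
    allowed: bool
    reason: str


def parse_request(line: str) -> Tuple[str, str, str]:
    """Split 'DOAS target command [args...]' as the SVM would receive it
    (e.g. via SMSG). CMS folds to upper case, so we do the same."""
    parts = line.upper().split()
    if len(parts) < 3 or parts[0] != "DOAS":
        raise ValueError("expected: DOAS <target> <command> [args]")
    target, command = parts[1], parts[2]
    if len(target) > 8:  # VM user IDs are at most 8 characters
        raise ValueError(f"bad user ID: {target!r}")
    return target, command, " ".join(parts[3:])


@dataclass
class DoasService:
    delegations: Dict[str, Set[str]]
    command_acl: Dict[str, Set[str]]
    audit_log: List[AuditRecord] = field(default_factory=list)

    def authorize(self, requester: str, target: str, command: str) -> Decision:
        """Both checks must pass; neither involves the target's password."""
        requester, target, command = requester.upper(), target.upper(), command.upper()
        if target not in self.delegations.get(requester, set()):
            return Decision(False, f"{requester} may not act as {target}")
        if command not in self.command_acl.get(target, set()):
            return Decision(False, f"{target} has no access to {command}")
        return Decision(True, "authorized")

    def handle(self, requester: str, line: str) -> str:
        """Full request path: parse, authorize, audit, then run."""
        target, command, args = parse_request(line)
        decision = self.authorize(requester, target, command)
        self.audit_log.append(AuditRecord(requester.upper(), target, command,
                                          decision.allowed, decision.reason))
        if not decision.allowed:
            raise PermissionError(decision.reason)
        return self._run(target, command, args)

    def _run(self, target: str, command: str, args: str) -> str:
        # Stand-in for the SVM issuing the command with its own privileges,
        # scoped to the target's resources (constructed output, not real CMS).
        return f"{command} {args}".strip() + f" (run by SVM on behalf of {target})"


def demo() -> List[AuditRecord]:
    """Run a few constructed requests and return the resulting audit trail."""
    svc = DoasService(DELEGATIONS, COMMAND_ACL)
    for requester, line in [
        ("USERA", "DOAS USERB LISTFILE * * A"),        # allowed
        ("USERA", "DOAS USERC QUERY DISK"),            # USERA may not act as USERC
        ("OPER1", "DOAS USERB ERASE PROFILE EXEC A"),  # USERB may not ERASE
    ]:
        try:
            print(svc.handle(requester, line))
        except PermissionError as exc:
            print(f"denied: {exc}")
    return svc.audit_log


if __name__ == "__main__":
    demo()
```

The two lookups in `authorize` are the "is user A authorized to act as user2" and "does user2 have access to this_command" checks from the reply; the audit record is what satisfies the auditors that the warning about step 2 mentions, because there is no shared secret anywhere to protect, only a table that the SVM (or, in a real installation, an ESM) owns.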