vWhen an invalid password, or a passticket is presented, or an EXEC CICS
VERIFY PASSWORDcommand is issued.
RACROUTE REQUEST=FASTAUTH
Issued during resource checking, on behalf of a user who is identified by an
ACEE. It is the high-performance form of REQUEST=AUTH, using in-storage
resource profiles, and is issued at the following CICS control points:
vWhen attaching local transactions
vWhen checking link security for transaction attach
vTransaction validation for MRO tasks
vCICS resource checking
vLink security check for a CICS resource
vTransaction validation for EDF
vTransaction validation for the transaction being tested (by EDF)
vDBCTL PSB scheduling resource security check
vDBCTL PSB scheduling link security check
vRemote DL/I PSB scheduling resource check
vQUERY SECURITY with the RESTYPE option.
RACROUTE REQUEST=AUTH
This is a higher path length form of resource checking. It is used:
vAfter a call to FASTAUTHindicates an access failure that requires logging.
vWhen a QUERY SECURITY request with the RESCLASS option is used.
This indicates a request for a resource for which CICS has not built
in-storage profiles. (If CICS has in fact built in-storage profiles,
REQUEST=AUTH uses them.)
RACROUTE REQUEST=LIST
Issued to create and delete the in-storage profile lists needed by
REQUEST=FASTAUTH.(One REQUEST=LIST macro is required for each
resource class.) It is issued at the following CICS control points:
vWhen CICS security is being initialized
vWhen an EXEC CICS REBUILD SECURITY is issued
vWhen XRF tracks either of these events.
RACROUTE REQUEST=EXTRACT
Issued (with the parameters SEGMENT=SESSION,CLASS=APPCLU) during
verification of APPC BIND security,at the following CICS control point:
vBIND of APPC sessions.
It is also issued (with the parameters SEGMENT=CICS,CLASS=USER) during
signon, at all the control points listed under RACROUTE REQUEST=VERIFY.
For a detailed description of these macros, see the OS/390 Security Server
External Security Interface (RACROUTE) Macro Reference manual.
Using early verification processing
The CICS signon routine invokes the SAF interface, using the RACROUTE
REQUEST=VERIFY macro with the ENVIR=VERIFY option in problem-program
state. Invoking this version of the macro has no effect if the ESM is RACF,but other
external security manager products can get control through the SAF exit interface,
and perform their own early verification routine.
Chapter31. Invoking an external security manager 797