Table 9. TCP/IP Application Exit Points (continued)

TCP/IP Application | Exit Point | Exit Point Format

Note:

¹ The same interface format is used for request validation for the FTP client, FTP server, REXEC server, and TFTP server. This allows the use of one exit program for request validation of any combination of these applications.

² The same interface format is used for server log-on processing for the FTP server and REXEC server applications. This allows the use of one exit program to process log-on requests for both of these applications.

³ For a detailed description of the DHCP exit points and how to use them, see System API Reference (http://publib.boulder.ibm.com/pubs/html/as400/v5r1/ic2924/info/apis/api.htm) in the Information Center. If you are using the Supplemental Manuals CD, then switch to the iSeries Information Center CD to access this information.

Creating Exit Programs

There are several steps involved in designing and writing exit programs. They include:

1. Review the purpose of the exit point and the format of its interface

2. Define the scope and operation of your exit program

3. Design the exit program

4. Code the exit program

5. Add the exit program to the appropriate exit point in the registration facility. (See “Adding Your Exit Program to the Registration Facility” for instructions on how to do this.)

   Note: Only users with both *SECADM and *ALLOBJ authority are allowed to add and remove TCP/IP application exit programs.

6. Test your exit program

   - Tests for each user ID

   - Tests for each operation

The most important step in establishing security exit programs is verifying that the exit program works. You must ensure that the security wall works and does not have any weaknesses.

Notes:

1. If the exit program fails or returns an incorrect output parameter, the operation will not be allowed by the TCP/IP application.

2. To ensure the highest level of security, create the exit program in a library that has *PUBLIC authority of *EXCLUDE and give the exit program itself a *PUBLIC authority of *EXCLUDE. The TCP/IP application adopts authority when it is necessary to resolve and call the exit program.
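The decision logic of a request-validation exit program and the step 6 test matrix (every user ID against every operation), as an added example in portable C that is not IBM's code and not taken from this manual. The application, operation and user values are constructed, the 1/0 allow/reject values are an assumption to check against the exit point format, and a real exit program would receive its inputs through the exit point's parameter list.

```c
#include <stdio.h>
#include <string.h>

#define ALLOW  1   /* assumed output value: allow the operation  */
#define REJECT 0   /* assumed output value: reject the operation */

struct rule { int app; int op; const char *user; };

/* Constructed policy: only these (application, operation, user) tuples pass. */
static const struct rule policy[] = {
    { 1, 0, "BACKUPUSR" },
    { 1, 6, "BACKUPUSR" },
    { 1, 0, "AUDITOR" },
};

/* Decide one request. Anything not explicitly listed, and any malformed
   user field (user profile names are at most 10 characters), is rejected. */
int validate_request(int app, int op, const char *user, size_t user_len)
{
    size_t i;
    if (user == NULL || user_len == 0 || user_len > 10)
        return REJECT;
    for (i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        if (policy[i].app == app && policy[i].op == op &&
            strlen(policy[i].user) == user_len &&
            memcmp(policy[i].user, user, user_len) == 0)
            return ALLOW;
    }
    return REJECT;
}

/* Step 6: run every user ID against every operation and count the allows. */
int count_allowed(const char *const users[], int n_users, int app, int max_op)
{
    int u, op, allowed = 0;
    for (u = 0; u < n_users; u++)
        for (op = 0; op <= max_op; op++)
            if (validate_request(app, op, users[u], strlen(users[u])) == ALLOW)
                allowed++;
    return allowed;
}

int main(void)
{
    const char *const users[] = { "BACKUPUSR", "AUDITOR", "QUSER", "" };
    printf("allowed=%d of %d\n", count_allowed(users, 4, 1, 9), 4 * 10);
    return 0;
}
```

Comparing the allowed count from the full matrix against the number of entries in the policy table shows whether any user and operation pair passes that was not explicitly granted.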

Adding Your Exit Program to the Registration Facility

To add your exit program, run the Work with Registration Information (WRKREGINF) command. The following display is shown:

Appendix B. TCP/IP Application Exit Points and Programs 81

IBM SC41-5420-04 manual Creating Exit Programs, Adding Your Exit Program to the Registration Facility