Oracle Audio Technologies Oracle Tuxedo Security Checking from UNIX to Mainframe

3-2 Oracle Tuxedo Mainframe Adapter for TCP CICS User Guide

Security Checking from UNIX to Mainframe

Figure 3-1 depicts the process flow for security verifications from TMA TCP for CICS on UNIX

to a mainframe.

Figure3-1 Security Checking for UNIX to Mainframe Transactions

1. When the TMA TCP gateway client program performs a tpinit(), the user’s Tuxedo

identity is validated against the tpusr file.

2. When the client program issues a tpcall() or tpacall(), Tuxedo verifies (against the

tpacl file) the user is authorized to invoke the gateway service.

3. When the gateway establishes the initial connection, connection security information

(specified as RMTNAME and PASSWORD in the GWICONFIG file) is passed from the TMA TCP

gateway to the remote gateway. If the RMTNAME and PASSWORD values match the values

configured on the remote gateway, the connection is established.

With each request, the TMA TCP gateway passes the user’s Tuxedo identity to the remote

TMA TCP for CICS gateway (to the Handler).

Note: To pass authority checking, the user’s Tuxedo identity must match the mainframe

user ID exactly.

4. The remote TMA TCP for CICS gateway Handler initiates an Application Handler to act on

behalf of the specified user ID.

UNIX Mainframe

BEA TMA TCP

Gateway

Tuxed o

Client

Handler

Remote

Server

Application

1

2

34

5

Handler

Contents

Main Page Contents Introducing Tuxedo Mainframe Adapter for TCP (CICS) Understanding How Oracle TMA TCP for CICS Works Configuring the TMA TCP Security Configuring and Administering Oracle TMA TCP for CICS Page Programming Oracle Tuxedo Mainframe Adapter for TCP (CICS) Error and Informational Messages CHAPTER 1 Introducing Tuxedo Mainframe Adapter for TCP (CICS) What You Need to Know Oracle TMA TCP for CICS Architecture Oracle TMA TCP Functionality Domains-based Gateway Connectivity Security Domain Name Server Support Oracle TMA TCP for CICS Components The TMA TCP for CICS Handler The TMA TCP for CICS Application Handler The TMA TCP for CICS Pre-requester The TMA TCP for CICS Requester IBM TCP/IP Sockets Interface Using Other Supported TCP/IP Sockets Products IBM TCP/IP Sockets for CICS Supplied Listener Processing Scenarios Requests from within an Oracle Tuxedo Domain Page Requests from within CICS Figure1-2 Oracle TMA Client Gateway Configuration Getting Started with TMA TCP for CICS CHAPTER 2 Understanding How Oracle TMA TCP for CICS Works Starting the Listener Program Running Oracle TMA TCP for CICS Initializing the Handler Processing Remote Service Requests Shutting Down the Handler Using BDWN to Shut Down the Handler Starting the Requester Program Processing TMA TCP for CICS Originated Service Requests Shutting Down the Requester Using BDWN to Shut Down the Requester Translating Data with TMA TCP gateway Oracle Tuxedo Terminology Data Translation Rules The following table lists the data translation rules that TMA TCP gateway follows. Table 2-1 Oracle Tuxedo Terminology Term Definition Table 2-2 Data Translation Rules Field Type Translation Rules Page Strings and Numeric Data: A Closer Look Including NULL Characters in String Length Calculations Converting Numeric Data CHAPTER 3 Configuring the TMA TCP Security Service Request Processing with Security Security Checking from UNIX to Mainframe UNIX Mainframe Security Checking from Mainframe to UNIX UNIX Mainframe Setting Up Security for TMA TCP for CICS Securing User Connections Securing Inbound Services Securing Outbound Connections from CICS to UNIX Securing Outbound Connections from CICS to CICS Securing Outbound Connections from CICS to IMS Page CHAPTER 4 Configuring and Administering Oracle TMA TCP for CICS Menu Navigation The Main Menu The Main Menu Oracle Tuxedo Mainframe Adapter for TCP CICS User Guide 4-3 Usage Table 4-2 Main Menu (BEAM) Sub-menu Codes Code Area of Operation Page Enter This Code To Access This Screen The Connection Screens Update Connection Screen (C2) Page Inquire Connection Screen (C3) from the record you specified and the LOGICAL MACHINE NAME and TYPE fields are unprotected. Page Browse Connection Screen (C5) The Requester Screens Insert Requester Screen (R1) Page Page Update Requester Screen (R2) Page Page Inquire Requester Screen (R3) Page Page Delete Requester Screen (R4) Page Page Browse Requester Screen (R5) The Outbound Service Information Screens Insert Outbound Service Information Screen (S1) Page Update Outbound Service Information Screen (S2) Inquire Outbound Service Information Screen (S3) field is unprotected. Delete Outbound Service Information Screen (S4) Page Browse Outbound Service Information Screen (S5) The User Connection ACCOUNT Screens Insert User Connection ACCOUNT Screen (U1) Update User Connection ACCOUNT Screen (U2) Use this screen to update a record on the account file. When the screen is first displayed, the Inquire User Connection ACCOUNT Screen (U3) Delete User Connection ACCOUNT Screen (U4) with the data from the record requested and all the fields protected. The Browse User Connection ACCOUNT Screen (U5) The Inbound Service Information Screens Insert Inbound Service Information Screen (I1) 4-40 Oracle Tuxedo Mainframe Adapter for TCP CICS User Guide Update Inbound Service Information Screen (I2) 4-42 Oracle Tuxedo Mainframe Adapter for TCP CICS User Guide Inquire Inbound Service Information Screen (I3) 4-44 Oracle Tuxedo Mainframe Adapter for TCP CICS User Guide Delete Inbound Service Information Screen (I4) 4-46 Oracle Tuxedo Mainframe Adapter for TCP CICS User Guide The Browse Inbound Service Screen (I5) The Handler Configuration Screens Update Handler Configuration Screen (H2) Inquire Handler Configuration Screen (H3) Page Dynamically Configuring TMA TCP for CICS Modifying Outbound Services Modifying User Connection Accounts Modifying Connections Deleting Requester LMIDs Administering the Gateways Page CHAPTER 5 Programming Oracle Tuxedo Mainframe Adapter for TCP (CICS) Client Application Considerations Buffer Layout Issues Making Calls from a CICS Client Program Page Table 5-2 Return Codes Code Value Examples 5-6 Oracle Tuxedo Mainframe Adapter for TCP - CICS User Guide The following is an example of a C CICS client program. Listing5-4 C CICS Client Program Example Error Handling Gateway Errors MVS or CICS Errors Application Errors Server Application Considerations Programming Services with a Response Programming Services without a Response Modifying the Length of the Return Message Modifying Return Message Lengths for C Programs Modifying Return Message Lengths for COBOL Programs Page APPENDIX A Error and Informational Messages Messages Returned to the Remote Gateway Page Messages Written to the TMA TCP for CICS Log Page Page Page Codes Returned to a CICS Client Program Page Page Informational Process Messages Data Field Error Messages Page Page System Error Messages