Gen client/server applications support for Kerberos

search cancel

Gen client/server applications support for Kerberos

book

Article ID: 130289

calendar_today

Updated On:

Products

Gen Gen - Run Time Distributed Gen - Host Encyclopedia Gen - Workstation Toolset

Issue/Introduction

Can Gen client/server applications support Kerberos authentication?

Environment

Gen client/server applications

Resolution

CA Gen client/server applications have no direct support for Kerberos authentication but can indirectly support Kerberos by customisation of the security user exits to use Enhanced Security with security token as follows:

1. The Enhanced Security and token parameters should be set in the client side user exit.
For example for Gen Windows GUI clients the user exit source WREXITN.C contains function WRSECTOKEN. In that function a return code of SecurityUsedEnhanced needs to be set and token parameters token & tokenLen need to be set. ONLY if using a Gen Client Manager or a Communications Bridge does the parameter bClntMgrSecurity need to be changed from default of FALSE to TRUE.
More details can be found in the user exit comments and documented here:
Gen™ 8.6 > Reference > User Exits > Windows C User Exits > Windows GUI Client User Exits > WRSECTOKEN - Client Security Token User Exit (Windows)

2. The security token would then be authenticated by adding required code to the corresponding server side exit e.g. for Gen CICS servers the user source is TIRSECVX and more details can be found in the user exit comments and documented here::
Gen™ 8.6 > Reference > User Exits > z/OS User Exits > z/OS Server User Exits - CICS > TIRSECVX - Server Client Security Validation Exit

Additional Information

Feedback

thumb_up Yes

thumb_down No