search cancel

Gen client/server applications support for Kerberos

book

Article ID: 130289

calendar_today

Updated On:

Products

Gen Gen - Run Time Distributed Gen - Host Encyclopedia Gen - Workstation Toolset

Issue/Introduction

Can Gen client/server applications support Kerberos authentication?

Environment

Gen client/server applications

Resolution

CA Gen client/server applications have no direct support for Kerberos authentication but can indirectly support Kerberos by customisation of the security user exits to use Enhanced Security with security token as follows:

1. The Enhanced Security and token parameters should be set in the client side user exit.
For example for Gen Windows GUI clients the user exit source WREXITN.C contains function WRSECTOKEN. In that function a return code of SecurityUsedEnhanced needs to be set and token parameters token & tokenLen need to be set. ONLY if using a Gen Client Manager or a Communications Bridge does the parameter bClntMgrSecurity need to be changed from default of FALSE to TRUE.
More details can be found in the user exit comments and documented here:
Gen™ 8.6 > Reference > User Exits > Windows C User Exits > Windows GUI Client User Exits > WRSECTOKEN - Client Security Token User Exit (Windows)

2. The security token would then be authenticated by adding required code to the corresponding server side exit e.g. for Gen CICS servers the user source is TIRSECVX and more details can be found in the user exit comments and documented here::
Gen™ 8.6 > Reference > User Exits > z/OS User Exits > z/OS Server User Exits - CICS > TIRSECVX - Server Client Security Validation Exit

Additional Information

For security user exits for other types of clients and servers please see:
Gen™ 8.6 > Distributed Processing > User Exits in Distributed Processing > Working With Distributed Processing

Additional useful references:
Gen™ 8.6 > Developing > Designing > Designing Client-Server Applications > Security in Client Server Applications > User Identification

Gen™ 8.6 > Distributed Processing > Working With Distributed Processing > Security in Distributed Processing > Security Data > Enhanced Security

Gen™ 8.6 > Distributed Processing > Working With Distributed Processing > Security in Distributed Processing > Client Security Processing

Gen™ 8.6 > Distributed Processing > Working With Distributed Processing > Security in Distributed Processing > Server Security Processing