How do I know if ACF2 is sending secondary authids to DB2 during the signon?

book

Article ID: 14805

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA PanApt CA PanAudit

Issue/Introduction

Under native DB2 security, many DB2 security administrators use secondary authIDs to simplify DB2 security administration.  DB2 provides two exits that let you inspect or modify a user's identity to DB2, [email protected] and [email protected] CA-ACF2 provides two sample exits that you can use instead of IBM - supplied default exits, library ACF2.CX1xxMLD (where xx is the release of ACF2), members [email protected] and [email protected] 



How do I know if ACF2 is sending secondary authids to DB2 during the signon?

Environment

Release:
Component: ACF2DB

Resolution

CA ACF2 can send a WTO for the first 1/2 dozen secondary authIds by modifying the exits that are being used.  

$WTOFLAG DC    C'N'    

Either change this to a Y and re-assemble and re-insert the exit in the DB2 exit points, or zap the offset in the module.  

Additional Information

The WTO messages can be one of the five coded in the exits:

$WTOMSG1 WTO   'ACFS3ATH-001: PRIMARY ID; XXXXXXXX SQL ID; XXXXXXXX',  X

               ROUTCDE=(11),MF=L                                        

WTOLEN1  EQU   *-$WTOMSG1                                               

$WTOMSG2 WTO   'ACFS3ATH-002: PRIMARY ID; XXXXXXXX',                   X

               ROUTCDE=(11),MF=L                                        

WTOLEN2  EQU   *-$WTOMSG2                                               

$WTOMSG3 WTO   'ACFS3ATH-003: SSL RC=XXX; COUNT=XXX; LIST IDS; XXXXXXXXX

               YYYYYYYYZZZZZZZZ',ROUTCDE=(11),MF=L                      

WTOLEN3  EQU   *-$WTOMSG3                                               

$WTOMSG4 WTO   'ACFS3ATH-004: SQL ID; XXXXXXXX',                       X

               ROUTCDE=(11),MF=L                                        

WTOLEN4  EQU   *-$WTOMSG4                                               

$WTOMSG5 WTO   'ACFS3ATH-005: DB2 CONNECTION PARAMETER LIST IS IN ERRORX

               ',ROUTCDE=(11),MF=L