"Auditing-Possibility" for POE OPTIONS(88) - ONLY HONOR TERMINAL ON SOURCE PROTECTION
search cancel

"Auditing-Possibility" for POE OPTIONS(88) - ONLY HONOR TERMINAL ON SOURCE PROTECTION

book

Article ID: 5990

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

With the introduction of fix RO88216, if a POE= was passed on the      

RACROUTE REQUEST=VERIFY,ENVIR=CREATE security call, TSS will honor     

the value passed in the POE= and check for a SOURCE restriction in the 

user's record or profile.  If the acid has a SOURCE restriction and    

does NOT a match the value passed in the POE=, then the sign on will   

fail with TSS7171E Unauthorized Source of System Entry.                

 

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

APAR #: TR94142 

This fix, along with setting OPTIONS(88) in the TSS parameter file, if 

a RACROUTE REQUEST=VERIFY,ENVIR=CREATE with POE= was issued, and the   

acid has a SOURCE restriction that does NOT match the POE= passed,     

then we will allow the call to succeed but log it with the following   

message to our ATF file:                                               

                                                                       

++ TSS ADD(acid/profile) SOURCE(xxxxxxxx)                              

                                                                       

Where xxxxxxxx is the POE passed on the RACROUTE security call.