CHECK-IP-ADDRESS=YES and SECURITY-LEVEL=AUTHORIZATION

Our broker implementation has SECURITY=YES, which requires all callers to send in a userid which is used to authenticate against RACF. The userid is then used by Natural RPC set with LOGONRQ = ON.

In addition to the userid authentication, we also want to limit broker usage to certain IP addresses.

We have a RACF resource class profile set up which not only limits calls to broker to be made via certain userid but also the calls can only be issued from 2 specific IP addresses.

With CHECK-IP-ADDRESS=YES and SECURITY-LEVEL=AUTHORIZATION, the userid authorization check seems to be working as expected. The IP address aspect seems to be ignored. When I issued the “valid” userid from an IP address source not defined to the resource class, then broker proceeds to allow the connection. If I used a userid not defined to the resource class and tried to connect, I get an “IP restriction error”, which is what I expect.

How can I get broker to consider both the userid and the IP address source for authorization?

Many thanks in advance.

Min

Hello Min,

What is your Broker version? I think there are some fixes for 8.2.1 and 8.2.2 available.