Natural RPC Server and EntireX Security

David_Sanders · February 20, 2006, 4:45pm

I need some advice on configuring a Natural RPC Server to run with EntireX security. My Server fails to register with Broker as I have not supplied the correct credentials. Here is an extract from the Broker log file:

W01/USRSEC 2006-02-20 10:58:22.879 ETBD0286 Diagnostic Values:
Stubs say no password was supplied
W01/SECLOGN 2006-02-20 10:58:22.879 ETBE0146 Access denied by Security Facility
W01/SECLOGN 2006-02-20 10:58:22.879 ETBD0296 Additional information:
User ID… ukds
Token…
Physical Uid… 20205043554B44532D2D30303030303935382D2D3030303031334334
Error code … 0x0000015E
Error text … Bad UserID detected, access denied

The only place I can find to set a user id id is SRVUSER in Natparms and any value I try seems to fail. Is this correct or does it have to be set elsewhere? How is the password passed to Broker?

I am also unclear about how Broker maintains a list of valid users?

Thanks in advance,
David Sanders

Douglas_Kelly · February 21, 2006, 7:21pm

Broker contacts the local security environment where Broker is running for authentication. On the mainframe, this is typically RACF or ACF2 that authenticates the userid/password. On Windows, the Windows login is used - either a domain login (domain\user) or a local user account can be used.
password can be supplied from the STACK by executing a SYSEXT routine (check the USR107* and USR207* routines - I think it is USR2071P). If running on the mainframe, trusted user can be used instead of supplying the password.

David_Sanders · March 3, 2006, 3:20pm

Hi Douglas,

Thanks for the pointer. User exit USR2072 is the one to use for setting the password for registering a Natural RPC server with Broker. I created a copy in my application library and changed it to use a hardcoded password.

For the record, here is what I had to do elsewhere:

Natparm for Natural RPC Server:

set SRVUSER to the userid used for logon
set STARTUP to the password user exit program (USR2071P or customised version)
set INIT-LIB to SYSEXT (if USR2071P used above)

EntireX Runtime:

set the exx-use-security and exx-encryption-level for the xmms element in xml-init.xml:

Client Applications calling web services:

Add the user id and password to the web service url:
…?exx-userID=RPCUSER&exx-password=RPC
This worked with an ASP client and a Natral program using the REQUEST DOCUMENT statement.

There may be better ways of doing this but the above does work.

Regards,
David Sanders