>Date: Tue, 06 Jul 1999 09:52:12 -0700
>From: Mike Smith <[EMAIL PROTECTED]>
>> > Could you point me to more about this (RAGF) scheme?
>> [ML] I don't know if I have spelled it out correctly, but this
>> is the authentication scheme used on mainframes (IBM at least) where all
>> syscalls are routed through the authentication subsystem before
>> proceeding. However, the subsystem seems to reside in kernel, and is
>> (possibly precompiled) table driven so that it does not cause gross
>> inefficiency.
>RACF IIRC, often pronounced "Rack Off".
Mike's pronunciation notwithstanding.... :-)
>From 1982 - 1992, I was involved in (among other things) installing and
implementing RACF in IBM MVS{,/{X,ES}A} (mainframe) systems. During the
bulk of that time, I also wrote system exits (packaged as "usermods") to
make use of RACF capabilities to control various aspects of the system's
operation -- for example, to control which disk drives were used for
creating files. (This latter was intended to allow one set of drives to
be used for the files that were necessary for bringing MVS up, a different
(non-intersecting) set that was used (only) for "production" files, and
another set that was for "normal user" files. Worked reasonably well,
too -- despite some of the uglier interfaces available to folks who
wanted to try to implement something like this.)
Assuming that the product with which I retain some familiarity is the
one in question, characterizing it as "where all syscalls are routed
through the authentication subsystem before proceeding" is somewhat of
an over-simplification (since only a few "resource managers" (as they
were (are?) called) were present in the system -- OPEN/CLOSE/EOV was one
of the first ones).
However, I don't expect that additional details of RACF are likely to be
of general interest to -hackers, so I'll spare further bandwidth on
that... but I'm available as a resource for out-of-band discussions of
RACF(-like) facilities.
Cheers,
david
--
David Wolfskill [EMAIL PROTECTED] UNIX System Administrator
voice: (650) 577-7158 pager: (888) 347-0197 FAX: (650) 372-5915
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
