On 3/10/2006 9:25 AM, [EMAIL PROTECTED] wrote:
I'm no security expert, but the impression I get from other products that
do security checking on behalf of other users, is that, as someone earlier posted, a
RACROUTE is performed using the subject's userid. It seems inappropriate to have to
muck with the TCB.
He is trying to establish a different security environment within his
server, in which all requests made by the system need to be processed as
a different user. He is not making a request on behalf of another user.
In that situation, he needs to do the same kinds of things that the
system would do, including manipulating the TCB.
Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
