APF AC(1), program control and UID(0) are mutually unrelated.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List [[email protected]] on behalf of Erik Janssen [[email protected]] Sent: Monday, February 21, 2022 3:59 PM To: [email protected] Subject: Re: creating a python login module Well, the routine I wrote can handle a user, password or passphrase and optionally an APPL to verify against. So, even though there are a lot of options to do it different, I was more looking for ways how such a 'service routine' that needs apf authorization could be used from a non-authorized caller. The __passwd routine can do it, but it requires program controlled environment and python doesn't seem to be defined as program controlled and I don't want to 'just' enable it. Also, the relation between APF authorisation and program control (if any) still eludes me, and if there is no relation then I don't understand how __passwd can check a password if the environment is not apf authorized. I hope that someone can explain how that works. Kind regards, Erik. On Mon, 21 Feb 2022 15:10:48 +0000, Colin Paice <[email protected]> wrote: >Erik, > >Do you need to specify a password? > >Could you define a RACF profile instead, and use RACF check to see if the >userid has access to that profile? >I dont think there is a Callable function for it, but you could write some >glue code to call an assembler routine to do a RACROUTE call. > >You could use an existing class, such as APP. >I dont think it needs to be APF authorised... but you would need to check >this. > >Colin > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
