> In this case, however, both IBM and CA offer products for sale in this
> space. I would rather see the requirement levied against the various
> ESMs to provide this function since that's where it logically belongs.
>
> Alan Altmark
> z/VM Development
> IBM Endicott

I'd make a counterargument that if IBM intends to position z/VM only as a Linux hosting environment, then the current setup that requires the user to have the skills to rebuild CP to enable an ESM (which Chuckie usually recommends) is highly user-hostile, and needs to be resolved at the CP layer, not in third-party products. Every ESM shouldn't have to invent the CP interface wheel.

A cleaner, less intimately entwined, set of security interfaces would be good for everyone, including the IBM products, and with the enormous amount of work going into z/VM 6.next, this would be a good time to architect it in.

The rest of the functionality (resolving userid validity, credential mapping, etc.) are all user-space pieces, and I'd totally agree that that's where they belong -- in the ESM logic.

But, that's the issue I mentioned. If there's consensus that this would be useful, and if IBM would consider adding it to z/VM, I'm willing to do the work. I just don't want to create Yet Another Way to do it, which perpetuates the current situation.
