We run the DQS batch system on our IBM RS/6000's and have implemented
  changes so that tokens are passed with jobs and used on the machines of
  execution.

It's actually a bug that this works.

Kerberos 5 has provisions for delegating rights for this sort of thing.
Also, we've implemented a third-party authentication scheme for use on
file protocol translators that does something similar.  It's described
in a CITI tech report.  I can look up the ref and provide an online
copy if anyone's interested.

Reply via email to