Tivoli Storage Manager Using the Application Program Interface
TSM-Authorized User (UNIX and OS/400 Only)
The Trusted Communication Agent (TCA), a child process, normally controls
access to the protected password file. You can use the
passwordaccess generate function without starting the TCA.
To do this:
- Write the application so that it calls dsmSetUp and passes
argv[0]. The argv[0] contains the name of the
application that calls the API. We permit the application to run as
TSM-Authorized; however, the Tivoli Storage Manager administrator should
decide on the login name for the TSM-Authorized user.
- Set the S bit (set the effective user ID) to On for
the application executable. The owner of that application executable
can then become a TSM-Authorized user. This permits the user to create
a password file, update passwords, and run applications. The owner of
the application executable must be the same as the User ID that runs the
program. For example, "User" is User1, the name of the
application executable is applA, and User1 has
read-write permissions on the /home/user1 directory. The
permissions on applA are:
    -rwsr-xr-x user1 group1 applA
  Note: On OS/400, there is no S bit. Set the application program to run under
  owner authority so the application owner can become a TSM-Authorized
  user. To set this, use the USRPRF(*OWNER) option of the
  CRTPGM (create program) or the CHGPGM (change program)
  commands.
- Instruct the users of the application to use the TSM-Authorized name to
log in. Tivoli Storage Manager verifies that the login ID matches the
application executable owner before it permits access to the protected
password file.
- Set the passworddir option in the dsm.sys
file to point to a directory where this user has read-write access. For
example, under the server stanza in dsm.sys, you would
enter:
    passworddir /home/user1
- Start the password file and ensure that the TSM-Authorized user owns the
file.
- Run applA logged on as User1.
- Call dsmSetUp and pass in argv.
  Note: When you are running in a multi-threaded mode and passwordaccess
  is generate, only the root, or TSM-Authorized user, is permitted
  access. The TCA child process, then, does not start. This is
  true for version 3.1.6 through version 4.1.2.