Functional Considerations

The following paragraphs describe and illustrate how the system determines the validity of an access request from a remote host.

Requests from a User at a Remote Host

When a user at a remote host requests access to the local host through a distributed systems service, the system searches the USERDATAFILE for entries enabling the requesting <usercode>/<host name> combination to access the local host.

When a “matching” entry is found, the search terminates and the user is granted access to the local host. If the entry contains a local-alias usercode, that usercode is used to identify the user; otherwise, the requesting remote usercode is used.

See Managing Usercodes for Remote Users for a discussion of how the system evaluates an incoming transfer request for access to the local system and how it then searches the USERDATAFILE for applicable REMOTEUSER entries.

Example

As an example, consider a host in a network where the following <remoteuser add> statements are used to create REMOTEUSER entries in the USERDATAFILE:

+RU SALES OF BRONX, WALLSTREET;
+RU SALES OF *ANYHOST LOCALALIAS = OTHERSALES;
+RU *ANYUSER OF BRONX, WALLSTREET;
+RU *ANYUSER OF *ANYHOST LOCALALIAS = OTHERUSER;
+RU *NOUSERCODE OF NEWYORK LOCALALIAS = BIGAPPLE;

The following table shows which usercodes are used for local identification when requests are received from remote users at various hosts in the network.

<remote usercode>/<host name>    <local usercode>
-----------------------------    ----------------
SALES/BRONX                      SALES
SALES/DETROIT                    OTHERSALES
PAYROLL/BRONX                    PAYROLL
PAYROLL/WALLSTREET               PAYROLL
PAYROLL/BOSTON                   OTHERUSER
NOUSERCODE/NEWYORK               BIGAPPLE

Suppose the following <remoteuser alias change> statements are then entered:

RU SALES OF *ANYHOST - LOCALALIAS;
RU *ANYUSER OF BRONX LOCALALIAS = NYUSER;

The following table lists the usercodes that would then provide local identification when requests are received from remote users at various hosts in the network.

<remote usercode>/<host name>    <local usercode>
-----------------------------    ----------------
SALES/BRONX                      SALES
SALES/DETROIT                    SALES
PAYROLL/BRONX                    NYUSER
PAYROLL/WALLSTREET               PAYROLL
PAYROLL/BOSTON                   OTHERUSER
NOUSERCODE/NEWYORK               BIGAPPLE

Next, assume the following <remoteuser delete> statements are entered:

-RU SALES OF BRONX, WALLSTREET;
-RU *ANYUSER OF *ANYHOST;

The following table lists the usercodes that would provide local identification when requests are received from remote users at various hosts in the network.

<remote usercode>/<host name>    <local usercode>
-----------------------------    ----------------
SALES/BRONX                      SALES
SALES/DETROIT                    SALES
PAYROLL/BRONX                    NYUSER
PAYROLL/WALLSTREET               PAYROLL
PAYROLL/BOSTON                   **access denied**
NOUSERCODE/NEWYORK               BIGAPPLE
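
The three tables above can be reproduced with a small model of the lookup. This is an added example, not code from the original documentation: the dictionary standing in for the USERDATAFILE and all function names are hypothetical, and the search order (requesting usercode before *ANYUSER, named host before *ANYHOST) is inferred from the tables rather than stated on this page.

```python
# Added illustration: a dict stands in for the REMOTEUSER entries in the
# USERDATAFILE. The search order is inferred from the tables above.
ANYUSER, ANYHOST, NOUSERCODE = "*ANYUSER", "*ANYHOST", "*NOUSERCODE"


def add(entries, usercode, hosts, alias=None):
    """+RU <usercode> OF <hosts> [LOCALALIAS = <alias>]"""
    for host in hosts:
        entries[(usercode, host)] = alias


def change_alias(entries, usercode, hosts, alias=None):
    """RU <usercode> OF <hosts> LOCALALIAS = <alias>, or - LOCALALIAS (alias=None)."""
    for host in hosts:
        if (usercode, host) not in entries:
            raise KeyError(f"no REMOTEUSER entry for {usercode} OF {host}")
        entries[(usercode, host)] = alias


def delete(entries, usercode, hosts):
    """-RU <usercode> OF <hosts>"""
    for host in hosts:
        del entries[(usercode, host)]


def resolve(entries, usercode, host):
    """Return the local usercode for a request, or None for access denied."""
    if usercode == NOUSERCODE:
        # Assumption: a request without a usercode only matches *NOUSERCODE entries.
        candidates = [(NOUSERCODE, host), (NOUSERCODE, ANYHOST)]
    else:
        candidates = [(usercode, host), (usercode, ANYHOST),
                      (ANYUSER, host), (ANYUSER, ANYHOST)]
    for key in candidates:
        if key in entries:            # first match ends the search
            return entries[key] or usercode
    return None


def build_example():
    """The five <remoteuser add> statements from the example."""
    entries = {}
    add(entries, "SALES", ["BRONX", "WALLSTREET"])
    add(entries, "SALES", [ANYHOST], "OTHERSALES")
    add(entries, ANYUSER, ["BRONX", "WALLSTREET"])
    add(entries, ANYUSER, [ANYHOST], "OTHERUSER")
    add(entries, NOUSERCODE, ["NEWYORK"], "BIGAPPLE")
    return entries
```

While the *ANYUSER OF *ANYHOST entry exists, every otherwise unmatched usercode/host pair is admitted under OTHERUSER; only after that entry is deleted does an unmatched request such as PAYROLL/BOSTON resolve to access denied.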

REMOTEUSER Alias Change

The <remoteuser alias change> statement changes the usercode used by a remote user on the local host.

Syntax

<remoteuser alias change>

 ──┬─ REMOTEUSER ─┬─┬─<usercode alias change>─────┬─────────────────────┤
   └─ RU ─────────┘ ├─<nousercode alias change>───┤
                    └─<anonymousftp alias change>─┘

<usercode alias change>

 ──┬─<usercode>─┬─ OF ─┬─<host list>─┬──────────────────────────────────►
   └─ *ANYUSER ─┘      └─ *ANYHOST ──┘
 ►─┬─ LOCALALIAS ── = ──<usercode>─┬────────────────────────────────────┤
   └─ - ── LOCALALIAS ─────────────┘

<nousercode alias change>

 ── *NOUSERCODE ── OF ─┬─<host list>─┬─ LOCALALIAS ── = ──<usercode>────┤
                       └─ *ANYHOST ──┘

<anonymousftp alias change>

── *ANONYMOUSFTP ── OF ─┬─<host list>─┬─ LOCALALIAS ── = ──<usercode>──────┤
                        └─ *ANYHOST ──┘

<host list>

   ┌◄─────────────── , ──────────────┐
 ──┴─┬─<host name>─────────────────┬─┴──────────────────────────────────┤
     ├─ *IPADDRESS <IP address> ───┤
     └─ *DOMAINNAME <domain name> ─┘

Explanation

Each REMOTEUSER alias change statement changes a <host name, localalias> pair or the <host name, localalias, service mask> group in the remoteuser entry for the specified usercode. The USERDATAFILE must contain a user entry for the local-alias usercode. If a local-alias usercode is not specified, the USERDATAFILE must contain a user entry for the remote usercode.

Examples

REMOTEUSER ALIAS Change Examples lists examples that illustrate the <remoteuser alias change> statement.

Table 59. REMOTEUSER ALIAS Change Examples

The statement . . .                                        Is used to . . .
---------------------------------------------------------  ----------------
RU *ANYUSER OF *IPADDRESS 125.32.8.1 -LOCALALIAS;          Change the local-alias usercode for any users with the specified IP address.
REMOTEUSER SALES OF BRONX LOCALALIAS = RSALES;             Change the local-alias usercode to RSALES for any users with access to the host BRONX.
RU PAYROLL OF BOSTON -LOCALALIAS;                          Change the access to the host BOSTON so that users must access the host using the remote usercode PAYROLL.
REMOTEUSER *NOUSERCODE OF NEWYORK LOCALALIAS = BIGAPPLE;   Change the access to the host NEWYORK so that users must use the local-alias usercode to access the host.


REMOTEUSER Comment Change

This statement changes the comment associated with a remote user entry.

Syntax

<remoteuser comment change>

 ──┬─ REMOTEUSER ─┬─<comment change>────────────────────────────────────┤
   └─ RU ─────────┘

<comment change>

 ──┬─<usercode>─┬─ OF ─┬─<host list>─┬─┬─ COMMENT = <comment list> ─┬───┤
   └─ *ANYUSER ─┘      └─ *ANYHOST ──┘ └─ - COMMENT ────────────────┘

Explanation

REMOTEUSER Comment Change Forms lists the forms of the <remoteuser comment change> statement.

Table 60. REMOTEUSER Comment Change Forms

Form                                                           Function
-------------------------------------------------------------  --------
REMOTEUSER <usercode> OF <host list> COMMENT = <comment text>  For each host name specified in the host list, the <comment text> is added to the entry <usercode>/<host name>.
REMOTEUSER <usercode> OF <host list> - COMMENT                 For each host name specified in the host list, the <comment text> is deleted from the entry <usercode>/<host name>.
REMOTEUSER <usercode> OF *ANYHOST COMMENT = <comment text>     The <comment text> is added to the entry <usercode>/*ANYHOST.
REMOTEUSER <usercode> OF *ANYHOST - COMMENT                    The <comment text> is deleted from the entry <usercode>/*ANYHOST.


Examples

REMOTEUSER Comment Change Examples shows how the <remoteuser comment change> statement is used.

Table 61. REMOTEUSER Comment Change Examples

The statement . . .                                        Is used to . . .
---------------------------------------------------------  ----------------
REMOTEUSER SALES OF BRONX COMMENT = "Added on 9/21/2008";  Changes the comment associated with usercode SALES on the host BRONX.
RU PAYROLL OF BOSTON - COMMENT;                            Deletes the comment associated with usercode PAYROLL on the host BOSTON.


REMOTEUSER Service Change

This statement changes the service list used by a remote user on the local host.

Syntax

<remoteuser service change>

 ──┬─ REMOTEUSER ─┬─<service change>────────────────────────────────────┤
   └─ RU ─────────┘

<service change>

 ──┬─<usercode>─┬─ OF ─┬─<host list>─┬─┬─ SERVICE = <service list> ─┬───┤
   └─ *ANYUSER ─┘      └─ *ANYHOST ──┘ └─ - SERVICE ────────────────┘

Explanation

REMOTEUSER Service Change Forms lists the forms of the <remoteuser service change> statement.

Table 62. REMOTEUSER Service Change Forms

Form                                                           Function
-------------------------------------------------------------  --------
REMOTEUSER <usercode> OF <host list> SERVICE = <service list>  For each host name specified in the host list, the <service list> is added to the entry <usercode>/<host name>.
REMOTEUSER <usercode> OF <host list> - SERVICE                 For each host name specified in the host list, the <service list> is deleted from the entry <usercode>/<host name>.
REMOTEUSER <usercode> OF *ANYHOST SERVICE = <service list>     The <service list> is added to the entry <usercode>/*ANYHOST.
REMOTEUSER <usercode> OF *ANYHOST - SERVICE                    The <service list> is deleted from the entry <usercode>/*ANYHOST.


Examples

REMOTEUSER Service Change Examples shows how the <remoteuser service change> statement is used.

Table 63. REMOTEUSER Service Change Examples

The statement . . .                                       Is used to . . .
--------------------------------------------------------  ----------------
REMOTEUSER SALES OF BRONX SERVICE = AUTOSTAXFER;          Change the service list for the usercode SALES on the host BRONX.
RU PAYROLL OF BOSTON - SERVICE;                           Delete the service list for the usercode PAYROLL on the host BOSTON.
REMOTEUSER *NOUSERCODE OF NEWYORK SERVICE = AUTOSTAXFER;  Change the service list for nonusercoded users on the host NEWYORK.