Tivoli Storage Manager Using the Application Program Interface

Using Passwordaccess Generate Without TCA

TSM-Authorized User (UNIX and OS/400 Only)

The Trusted Communication Agent (TCA), a child process, normally controls access to the protected password file. You can use the passwordaccess generate function without starting the TCA. To do this:

  1. Write the application with a call to dsmSetUp that passes argv[0]. The argv[0] value contains the name of the application that calls the API. We permit the application to run as TSM-Authorized; however, the Tivoli Storage Manager administrator should decide on the login name for the TSM-Authorized user.
  2. Set the S bit (set the effective user ID) to On for the application executable. The owner of that application executable can then become a TSM-Authorized user. This permits the user to create a password file, update passwords, and run applications. The owner of the application executable must be the same as the User ID that runs the program. For example, "User" is User1, the name of the application executable is applA, and User1 has read-write permissions on the /home/user1 directory. The permissions on applA are:
       -rwsr-xr-x user1    group1   applA
    
    Note:
    On OS/400, there is no S bit. Set the application program to run under owner authority so the application owner can become a TSM-Authorized user. To set, use the USRPRF(*OWNER) option of the CRTPGM (create program) or the CHGPGM (change program) commands.
  3. Instruct the users of the application to use the TSM-Authorized name to log in. Tivoli Storage Manager verifies that the login ID matches the application executable owner before it permits access to the protected password file.
  4. Set the passworddir option in the dsm.sys file to point to a directory where this user has read-write access. For example, under the server stanza in dsm.sys, you would enter:
       passworddir /home/user1
    
  5. Start the password file and ensure that the TSM-Authorized user owns the file.
  6. Run applA logged on as User1.
  7. Call dsmSetUp and pass in argv.
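
A pre-flight check for the layout that steps 2 to 4 describe, added here as an example; it is not Tivoli Storage Manager code and calls no TSM API. The function name tsm_auth_precheck and its error flags are hypothetical, and two checks go beyond the page: passworddir must be a directory owned by the login ID with owner rwx, and a set-user-ID executable that group or other can write is flagged.

```c
/* Added example: pre-flight check of the setuid layout (not TSM code). */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum {
    TSM_OK           = 0,
    TSM_ERR_STAT     = 1 << 0, /* executable or passworddir cannot be examined */
    TSM_ERR_NO_SUID  = 1 << 1, /* S bit (set-user-ID) is off on the executable */
    TSM_ERR_OWNER    = 1 << 2, /* login ID is not the executable owner */
    TSM_ERR_PWDIR    = 1 << 3, /* passworddir is not an owner-rwx directory of that user */
    TSM_ERR_WRITABLE = 1 << 4  /* assumption: group/other may rewrite the binary */
};

/* Returns TSM_OK or a bitmask of the problems found. */
int tsm_auth_precheck(const char *exe, const char *pwdir, uid_t login_uid)
{
    struct stat st;
    int rc = TSM_OK;

    if (stat(exe, &st) != 0 || !S_ISREG(st.st_mode))
        return TSM_ERR_STAT;
    if (!(st.st_mode & S_ISUID))
        rc |= TSM_ERR_NO_SUID;
    if (st.st_uid != login_uid)
        rc |= TSM_ERR_OWNER;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        rc |= TSM_ERR_WRITABLE;
    if (stat(pwdir, &st) != 0)
        return rc | TSM_ERR_STAT;
    /* Assumption: strictest reading of "read-write access" to passworddir. */
    if (!S_ISDIR(st.st_mode) || st.st_uid != login_uid ||
        (st.st_mode & S_IRWXU) != S_IRWXU)
        rc |= TSM_ERR_PWDIR;
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s <executable> <passworddir>\n", argv[0]);
        return 2;
    }
    /* Real UID = the login ID that step 3 compares with the file owner. */
    int rc = tsm_auth_precheck(argv[1], argv[2], getuid());
    printf("precheck result: 0x%02x (%s)\n", rc, rc ? "fix before running" : "ok");
    return rc ? 1 : 0;
}
```

Run it as the TSM-Authorized login with the path to applA and the passworddir value from dsm.sys; a nonzero result names the step to revisit.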

Note:
When you are running in multi-threaded mode and passwordaccess is generate, only root or the TSM-Authorized user is permitted access. The TCA child process, then, does not start. This is true for version 3.1.6 through version 4.1.2.
