Use of "Already Verified" APPC Security from Invoking TPsLast reviewed: April 17, 1997Article ID: Q163015 |
The information in this article applies to:
SYMPTOMSCustomers have often requested a capability for an invoking APPC transaction program (TP) to use security option "Already Verified", even in cases where the invoking TP was not invoked by some other APPC TP. This capability was always available in SNA Server, but somewhat inefficient in implementation. In SNA Server and other industry standard implementations of APPC, it is possible to implement a "pass through" TP, which could be invoked by the real invoking TP, and merely passes on the messages from the original invoking TP. For a trusted APPC application, it is inefficient to issue originating (that is, invoking) APPC conversations on behalf of multiple users using APPC "Already Verified" security. The direct approach would be to issue an [MC_]ALLOCATE APPC verb specifying both security=AP_SAME and an arbitrary username in the verb control block (VCB). The corresponding action in CPI-C would be to call cmscst(, CM_SECURITY_SAME,) and cmscsu( , <someUser> . . .), or provide this information in the symbolic destination definition. However, actually doing either of these results in an APPC conversation that ignores the value of the username parameter.
CAUSEThis limitation is behavior specified in version 1.2 of the WOSA WinAPPC and WinCPIC specifications. It has been implemented in other APPC libraries, such as Communications Manager 1.0.
RESOLUTIONThe SNA Server WinAPPC and WinCPIC APIs will support an extension as follows:
STATUSMicrosoft has confirmed this to be a problem in SNA Server versions 2.0, 2.10, 2.11 and 2.11 Service Pack 1 (SP1) 2.11. A supported fix is now available, but has not been fully regression-tested and should be applied only to systems experiencing this specific problem. Unless you are severely impacted by this specific problem, Microsoft recommends that you wait for the next Service Pack that contains this fix. Contact Microsoft Technical Support for more information.
REFERENCEFor more information on the UnverifiedAP_SAME registry entry (which has been replaced with the AP_SAMENOSUser registry entry in SNA Server version 3.0), please see the following article in the Microsoft Knowledge Base:
Article-ID: Q135316 Title : Support for sending User ID on Attach when AP_SAME specified [sna] |
Additional query words: SNA APPC CPI-C Already Verified AP_SAME prodsna
© 1998 Microsoft Corporation. All rights reserved. Terms of Use. |