HP-UX SNAplus2 CPI-C Programmer's Guide (June 2003)
Concepts
Overview of Conversation Security
Chapter 1 53
Overview of Conversation Security
You can use conversation security to require that the invoking program
provide a user ID and password before CPI-C allocates a conversation
with the invoked TP.
In configuring the invoked TP, the System Administrator indicates
whether to use conversation security. If so, the invoking TP must provide
a user ID and password when allocating a conversation with the invoked
program. These are either taken from the side information or specified
explicitly by the invoking program, and must match a user ID and
password configured for the invoked program.
SNAplus2 also supports LU-LU session security, which provides security
checking when starting the session between the local and remote LUs.
LU-LU session security is specified during configuration, and does not
require any action in CPI-C programs. For more information, refer to the
SNAplus2 Administration Guide.
Conversation Security for Multiple Conversations
In the example shown in “Multiple Conversations”, when program A
invokes program B and B then invokes C as a result of the conversation
with A, the configuration of C may indicate that it will accept an
“already-verified” security indication. In this case, the user ID and
password supplied by A must still be verified against the configuration
for B. However, when B invokes C, it sets the
security_type
conversation characteristic to “same”, and CPI-C sends to C the user ID
supplied by A and an indication that security has already been verified.
For more information, see “Set_Conversation_Security_Type (cmscst)”.
For Unix If the program is involved in more than one pair of incoming and
outgoing conversations in this way, it needs to indicate which incoming
conversation is to provide the user ID for an outgoing conversation. To do
this, CPI-C associates each conversation with a specific “context ID”.
This is assigned and used as follows: