The validated logon function allows applications to omit a password when logging on to the database from mainframe-attached client systems. (Logon requests from workstation-attached systems always require a password.) This function is also supported by the TDPLGUX User Logon Exit interface and the TDPUAX Address Space Exit.
TDP security processing for validated logon requests can be handled by the security logon function, or by TDPLGUX or TDPUAX, or any combination of the three, depending on your system configuration.
Before any user can log onto the database, the user name must be defined in the database. A typical user name definition would be:
CREATE USER SAMPUSER AS PERM=10000000 PASSWORD=MYPASSWORD;
This defines user name SAMPUSER with ten megabytes reserved for tables and associated data structures, and a logon password of MYPASSWORD. (The user definition must include a password, even if you intend to use the validated logon feature.)
With this definition, the user could log on to the database by specifying the TDPid associated with the RDBMS, a user name of SAMPUSER, and a password of MYPASSWORD.
- The database system administrator would have to grant logon access with a null password.
- The system security administrator would have to create the appropriate user resource profiles or access rules in the external security manager application database.
See Setting up and Using the Security Logon Function for a complete description of these tasks.