PAM Management Programming Manual
PAM Management Programming Manual—142481
2-1
2
Communicating With the PAM
Subsystem
This section describes how a management application sends commands to and receives
responses from the PAM subsystem and how a management application retrieves Event
Management Service (EMS) messages generated by the PAM subsystem.
How a management application retrieves EMS event messages generated by the PAM
subsystem is described in Section 6, Event Messages
.
Communicating Through SCP
To manage the PAM subsystem, an application communicates with the PAM Manager
(PAMMAN) process, $ZZPAM, by opening and sending requests to the Subsystem
Control Point (SCP) process. Communication between a management application and
the SCP process consists of the following steps:
1. The application opens the SCP process.
2. The application sends a SPI-formatted request (a PAM command) to SCP. A token
in the command tells SCP that the request is for the PAM subsystem.
3. SCP checks whether or not $ZZPAM is open. If it is not, SCP opens it.
4. SCP checks whether or not the versions of $ZZPAM and the application are
compatible, and it performs security validation on the request.
5. If all is well, SCP forwards the request to $ZZPAM.
6. If the request is directed to $ZZPAM itself, that process responds to the request. If
the request is directed to the PAM process, $ZZPAM forwards it to the PAM
process. The PAM process returns a response to $ZZPAM.
7. $ZZPAM then returns the response to SCP, and SCP returns it to the management
application.
8. Before terminating, the application closes SCP.
Usually, $ZZPAM remains in the open state after being opened by SCP. It will be closed
if any file-system error occurs or at the expiration of timeout value.
For information about creating $ZZPAM, refer to the PAM Configuration and
Management Manual.