SNAX/APC Configuration and Management Manual
Planning for SNAX/APC
SNAX/APC Configuration and Management Manual—138787
SNAX/APC Security
LUs to verify each other’s identity. LU-LU verification takes place when an LU-LU
session is established.
Conversation-Level Security
The APPC architecture describes a large (and growing) number of options for
conversation-level security. To simplify somewhat, the options can be classified into
three groups: sending a user ID and password, receiving a user ID and password, and
persistent verification.
Sending a user ID and password can be thought of as conversation-level security for the
client. (In APPC terminology, the client is the side that initiates the request for a
transaction program and the server is the side that receives the request.) This feature
enables the client TP to include a user ID and password when sending a request to start a
conversation with a server TP. This request is called an Attach or FMH-5 on the LU-LU
flow and an Allocate verb on the TP-LU flow.
Receiving a user ID and password can be thought of as conversation-level security for
the server. This feature enables the LU receiving a request to start a conversation to
verify the identity of the user and their authority to access the requested transaction
program before satisfying the request. The APPC architecture specifies a number of
different security checks that can be applied to the request and several types of
information in addition to the user ID and password that can be used in the security
checks. It is up to each implementation to choose which set of checks to enforce and
whether to use (or require) any security information besides user ID and password.
The sending and receiving of user IDs and passwords in APPC has one major weakness:
the passwords are transmitted openly with no encryption, which makes them vulnerable
to interception when the physical transmission medium is not secure (as is the case for
most LANs).
Persistent verification reduces the risk of sending passwords in the clear by minimizing
the number of times a password needs to be transmitted between two LUs. This is done
by keeping a list of verified users at each LU. Once a user has been verified at the server
LU, the client LU does not need to include the password on subsequent requests from
that user. Obviously this protocol must be implemented on both the client and the server
to work.
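
The following Python sketch is an added example, not code from the manual or from SNAX/APC. It is a simplified model of the verified-user lists described above, not the APPC wire format, and it counts how often the cleartext password crosses the link. The names `ServerLU`, `ClientLU`, `ALICE` and `PAYROLL` and the sample password are constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class ServerLU:
    passwords: dict                  # user ID -> password (constructed sample data)
    tp_access: dict                  # TP name -> user IDs authorized to run it
    persistent: bool = False         # True if persistent verification is implemented
    verified: set = field(default_factory=set)

    def attach(self, tp, user, password=None):
        """Return True if the request to start a conversation is accepted."""
        if password is not None:
            known = self.passwords.get(user)
            if known is None or not hmac.compare_digest(known.encode(), password.encode()):
                self.verified.discard(user)
                return False
            if self.persistent:
                self.verified.add(user)
        elif not (self.persistent and user in self.verified):
            return False             # no password and no prior verification
        return user in self.tp_access.get(tp, ())   # authority to run the TP

@dataclass
class ClientLU:
    persistent: bool = False
    verified: set = field(default_factory=set)
    passwords_on_wire: int = 0       # cleartext password transmissions so far

    def allocate(self, server, tp, user, password):
        omit = self.persistent and user in self.verified
        if not omit:
            self.passwords_on_wire += 1
        ok = server.attach(tp, user, None if omit else password)
        if ok and self.persistent:
            self.verified.add(user)
        elif not ok:
            self.verified.discard(user)   # send the password again next time
        return ok

def exposures(client_pv, server_pv, requests=5):
    """Return (cleartext password transmissions, accepted requests)."""
    server = ServerLU({"ALICE": "s3cret"}, {"PAYROLL": {"ALICE"}}, server_pv)
    client = ClientLU(client_pv)
    accepted = sum(client.allocate(server, "PAYROLL", "ALICE", "s3cret")
                   for _ in range(requests))
    return client.passwords_on_wire, accepted
```

With both sides implementing the list, five requests expose the password once; with only the client implementing it, every password-less request is denied, which is why the protocol has to exist on both LUs.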
SNAX/APC Security
SNAX/APC provides a basic level of security for server transaction programs running
on a Tandem system. SNAX/APC supports:
• Client conversation-level security, the ability to include a user ID and password on a
request to start a conversation with a server transaction program on a remote LU.
• Server conversation-level security, the ability to apply security tests to a request
received from a remote LU to start a conversation with a server transaction program.
If the security tests fail, the request is denied.
SNAX/APC does not support persistent verification or session-level security.