Date: Tue, 6 Jul 1999 22:27:39 -0400 (EDT) From: "John W. DeBoskey" <jwd@unx.sas.com> To: dhw@whistle.com (David Wolfskill) Cc: freebsd-hackers@freebsd.org, mike@smith.net.au Subject: Re: Connect and so on.. Message-ID: <199907070227.WAA83834@bb01f39.unx.sas.com> In-Reply-To: From David Wolfskill at "Jul 6, 1999 1:31:45 pm"
next in thread | raw e-mail | index | archive | help
Ahhh.. RACF... MVS... Music to my ears...
And speaking of resource managers... don't forget
the ESM on CMS for SFS... :-)
I would have spared the bandwidth.. but it's worth noting
that we run a production system that installs user exits into
the Shared File System on CMS via the Callable Services Libraries
(CSL). ie: We take over the CSL entry points.
Whenever accessing files within a given Filepool, we
dynamically redirect the I/O to our FreeBSD systems where the
data actually resides. No modifications are then required to the
application running on the mainframe, and they have no idea the
data isn't local.
Never underestimate the power of good user exits and the
ability to implement your own External Security Manager...
Just my 0.02 :-)
John
ps: I've always pronounced it 'RACK-F' (as in the letter F).
> >Date: Tue, 06 Jul 1999 09:52:12 -0700
> >From: Mike Smith <mike@smith.net.au>
>
> >> > Could you point me to more about this (RAGF) scheme?
> >> [ML] I don't know if I have spelled it out correctly, but this
> >> is the authentication scheme used on mainframes (IBM at least) where all
> >> syscalls are routed through the authentication subsystem before
> >> proceeding. However, the subsystem seems to reside in kernel, and is
> >> (possibly precompiled) table driven so that it does not cause gross
> >> inefficiency.
>
> >RACF IIRC, often pronounced "Rack Off".
>
> Mike's pronunciation notwithstanding.... :-)
>
> From 1982 - 1992, I was involved in (among other things) installing and
> implementing RACF in IBM MVS{,/{X,ES}A} (mainframe) systems. During the
> bulk of that time, I also wrote system exits (packaged as "usermods") to
> make use of RACF capabilities to control various aspects of the system's
> operation -- for example, to control which disk drives were used for
> creating files. (This latter was intended to allow one set of drives to
> be used for the files that were necessary for bringing MVS up, a different
> (non-intersecting) set that was used (only) for "production" files, and
> another set that was for "normal user" files. Worked reasonably well,
> too -- despite some of the uglier interfaces available to folks who
> wanted to try to implement something like this.)
>
> Assuming that the product with which I retain some familiarity is the
> one in question, characterizing it as "where all syscalls are routed
> through the authentication subsystem before proceeding" is somewhat of
> an over-simplification (since only a few "resource managers" (as they
> were (are?) called) were present in the system -- OPEN/CLOSE/EOV was one
> of the first ones).
>
> However, I don't expect that additional details of RACF are likely to be
> of general interest to -hackers, so I'll spare further bandwidth on
> that... but I'm available as a resource for out-of-band discussions of
> RACF(-like) facilities.
>
> Cheers,
> david
> - --
> David Wolfskill dhw@whistle.com UNIX System Administrator
> voice: (650) 577-7158 pager: (888) 347-0197 FAX: (650) 372-5915
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
>
> ------------------------------
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907070227.WAA83834>