Unauthorized services used by the SAF registry
The System Authorization Facility (SAF) registry uses a number of unauthorized services from the C environment provided by LE (Language Environment®).
The following table lists the unauthorized services from LE C that the SAF registry uses,
and provides links to additional information in the z/OS® V2R1
documentation. These services are subject to BPX.DAEMON restrictions which are detailed in the
documentation linked to from the service calls associated with each method listed in the
table.
Method | Link to further information |
---|---|
|
Verify/Change User Password |
|
Reset Group Database to First Entry |
|
Get Group Database Entry |
|
Get Group Database Entry Functions |
NOTE: This method only works for users with defined
OMVS segments. |
Get Supplementary Group IDs by User Name |
|
Get Supplementary Group IDs by User Name |
|
Access the Group Database by ID |
|
Reset User Database Search |
|
Get User Database Entry |
|
User Database Functions |
|
Search Group Database for a Name |
|
Search User Database for a Name |
|
Register/Deregister/Authenticate a Digital Certificate |
Note: If the Liberty server is configured to
use SAF authorized services (see Activating and configuring the SAF registry on z/OS), then the following unauthorized services are not used:
- checkPassword: __passwd_applid
- isValidUser: getpwnam_r
- mapCertificate: __certificate