Using audit support

This file gives an overview of how to use audit support.

Auditing is performed using SMF records issued by RACF or an equivalent External Security Manager. This means that SMF audit records are cut as part of the WebSphere use of SAF interfaces such as IRRSIA00 (to manage ACEEs) and the RACROUTE macro.

The table below lists the various security authentication mechanisms and the corresponding data that is written to each part of the ACEE X500NAME field (this data is also in the RACO and SMF records). The information under "Service Name" is the constant string that is included in the "Issuer's Distinguished Name" field of X500NAME. The information under "Authenticated Identity" is the principal that is recorded in the "Subject's Distinguished Name" field.

Security authentication mechanisms and the corresponding data that is written to each part of the ACEE X500NAME field

| Authentication mechanism | Service name | Authenticated identity |
|---|---|---|
| Custom Registry | WebSphere Custom Registry | Custom registry principal name |
| Kerberos | Kerberos for WebSphere Application Server | Kerberos principal, in the "DCE" format used for extracting the corresponding MVS userid using IRRSIM00 (/.../realm/principal) |
| RunAs Rolename | WebSphere Role Name | Role name |
| RunAs Server | WebSphere Server Credential | MVS userid |
| Trust Interceptor | WebSphere Authorized Login | MVS userid |
| RunAs Userid/Password | WebSphere Userid/Password | MVS Userid |


In addition to tracking by MVS userid, events need to be traced to an originating userid. This is especially true for originating userids that are not MVS-based, such as EJB Roles, Kerberos principals, and Custom Registry principals.
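The following sketch is an added example, not IBM code. It attributes audit events to their originating identity by matching the service name constants from the table against the issuer field. The record layout (`mvs_userid`, `issuer_dn`, `subject_dn`), the function names, and the sample records are constructed assumptions standing in for fields already extracted from SMF data.

```python
# Service name constant -> (authentication mechanism, subject is an MVS userid)
SERVICE_NAMES = {
    "WebSphere Custom Registry": ("Custom Registry", False),
    "Kerberos for WebSphere Application Server": ("Kerberos", False),
    "WebSphere Role Name": ("RunAs Rolename", False),
    "WebSphere Server Credential": ("RunAs Server", True),
    "WebSphere Authorized Login": ("Trust Interceptor", True),
    "WebSphere Userid/Password": ("RunAs Userid/Password", True),
}

def parse_dce_principal(name):
    """Split '/.../realm/principal' into (realm, principal); None if malformed."""
    prefix = "/.../"
    if not name.startswith(prefix):
        return None
    realm, sep, principal = name[len(prefix):].partition("/")
    if not (realm and sep and principal):
        return None
    return realm, principal

def attribute(record):
    """Return mechanism and originating identity for one audit record."""
    issuer = record.get("issuer_dn", "")
    subject = record.get("subject_dn", "")
    result = {"mvs_userid": record.get("mvs_userid"), "mechanism": None,
              "originator": None, "non_mvs_origin": False}
    for service, (mechanism, is_mvs) in SERVICE_NAMES.items():
        if service in issuer:  # the constant is included in the issuer field
            result.update(mechanism=mechanism, originator=subject,
                          non_mvs_origin=not is_mvs)
            parsed = parse_dce_principal(subject) if mechanism == "Kerberos" else None
            if parsed:  # a subject not in DCE format is kept as-is
                result["originator"] = "%s@%s" % (parsed[1], parsed[0])
            break
    return result

def non_mvs_events(records):
    """Events whose originating identity is not an MVS userid."""
    return [r for r in map(attribute, records) if r["non_mvs_origin"]]

# Constructed sample records (not real SMF output).
SAMPLE = [
    {"mvs_userid": "WSGUEST", "issuer_dn": "WebSphere Role Name", "subject_dn": "Teller"},
    {"mvs_userid": "KRBMAP1", "issuer_dn": "Kerberos for WebSphere Application Server",
     "subject_dn": "/.../EXAMPLE.REALM/alice"},
    {"mvs_userid": "WSSRV1", "issuer_dn": "WebSphere Server Credential", "subject_dn": "WSSRV1"},
    {"mvs_userid": "BATCH1", "issuer_dn": "", "subject_dn": ""},
]
```

Records with an empty or unrecognized issuer field come back with `mechanism` set to `None`, so they can be reviewed separately rather than silently attributed.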


Related topics
MVS System Management Facilities (SMF)
z/OS Security Server RACF Auditor's Guide



Searchable topic ID:   rtrb_SMFusingaudit
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/rtrb_SMFusingaudit.html
