Adding or modifying a user
To allow users to create accounts for themselves or for other users so they can use
Z and I Emulator for Web sessions, select Allow users to create accounts
on the Users/Groups window.
To modify a user, right-click the user and select Properties.
To add a user:
- Click Users/Groups in the Administration window.
- Click New User on the Users/Groups window.
- Enter the required information.
- User ID
- Type the User ID. The valid characters are A-Z,
a-z, 0-9, $, #, @, . (period), and - (hyphen). When using LDAP, User IDs can be mixed case. When
using Z and I Emulator for Web to store configuration information, User IDs are converted to
lowercase characters. IDs must be unique. You cannot have a user ID and a group ID that
are the same, even if one is in lower case and the other is in upper.
- Type a description of the user. You can use any character except | (vertical bar) and #
(number or pound sign).
- New Password
- Type a password. You can use any character. A password is not required.
- Confirm Password
- Enter the password again.
- Disable Blank Passwords
- The administrator can set a specific property on the Z and I Emulator for Web Server to restrict the usage of blank passwords. A new property has been added in the config.properties file in Z and I Emulator for Web publish directory.
- Property Name = AllowBlankPassword
- Possible Values = "YES" or "NO"
- Default Value = "YES"
Note: All values other than NO will be considered as YES.
- If the property value is YES, the administrator can create users with a blank password and users can also change their passwords to be blank. This is the same and default behavior.
- When the Z and I Emulator for Web administrator sets the property value to NO in config.properties file, the administrator cannot create new users or edit existing users with password value set to blank. In this case, users also cannot change a password to be blank.
- Select one or more groups for the new user from the Not a member of list and
click Add. A user must be a member of at least one group.
||If you are using LDAP, a user can be a member of only one group. Select the group that
you want the user to be a member of.
- If you do not want the user to be able to save preferences (changes that the user might
make to a host session configuration), select Do not save preferences. This feature
is useful for user IDs shared by more than one person.
- If you do not want the user to change the password, select User cannot change
- If you use native authentication, select Use Native
Authentication and enter a user ID to be used for the authentication process.
- Click Apply. Repeat the steps above to create another user account.
- Click Close when you finish.
A check box option is provided on the
new/edit user window for the administrator to enable RACF authentication for a
new or existing user. By default RACF authentication is disabled. With this
option enabled, you can now be authenticated by using the native authentication
feature available on z/OS. Your Z and I Emulator for Web administrator can create or
edit a Z and I Emulator for Web user to be RACF authenticated. The RACF authentication
service on Z and I Emulator for Web allows users to logon to Z and I Emulator for Web using the
native authentication feature available on z/OS. When a user logs on to Z and I Emulator for Web, their password is validated against the password stored in RACF
(configured to LDAP on z/OS) rather than Z and I Emulator for Web password stored in LDAP
under the user password attribute. When a user logs on:
- The user ID and password are sent to the Z and I Emulator for Web
- The config server sends a LDAP query command to LDAP server
and retrieves user information stored on the LDAP server.
- If the authentication type for that user is of the type
RACF, Z and I Emulator for Web configuration server sends a bind request to that
node (representing a Z and I Emulator for Web user) on LDAP.
- For a RACF user, LDAP server after receiving the bind
request will determine that the user (node on ldap) is to be
authenticated using the z/OS native authentication feature and forwards
the request to RACF.
- RACF will compare the user password with the password in
its own store and send back a bind response to the LDAP server. LDAP
server sends back the bind response to Z and I Emulator for Web configuration
- Based on the bind response, configuration server will
finally authenticate end users.