Credentials files contain credentials that are used in outbound requests. The Redirector (REDIRSUPPORT IOHANDLER) and clients of the AUTHSUPPORT client interface can use credentials files.
Credentials files are created using the MAKECREDENTIALS utility. See the MAKECREDENTIALS section in the System Software Utilities Guide for information about creating credential files.
The MAKECREDENTIALS utility creates credentials files prefixed with the usercode and on the primary family of the MAKECREDENTIALS task. The credentials file has the following naming convention:
NXSERVICES/CREDENTIALS/<host>
The <host> portion of the name is derived from the <host> parameter to the MAKECREDENTIALS utility. When the host is an IP address or domain name, the embedded periods are replaced by the underscore (_) character. For example:
NXSERVICES/CREDENTIALS/TR-PRESTIJC NXSERVICES/CREDENTIALS/192_63_229_28
The credentials file contains the following information:
-
MCP usercode of the MAKECREDENTIALS task when the file was created
-
User name on the remote system
-
Password on the remote system
-
User log-on domain name (optional)
Using Credentials Files
If the MCP usercode stored as part of the credentials file does not match the usercode of the credentials file itself, the file is not used. The MCP usercode is stored and compared with the MCP usercode of the physical credentials file, preventing one user from using a credentials file created by another user.
A global credentials file, such as that created by an unusercoded run of MAKECREDENTIALS, is supported and contains a special usercode to match against the * usercode of the global credentials file.
This special usercode prevents a credentials file created by a specific user from being installed and used as a global credentials file or a global credentials file from being used as the credentials file for a specific user.
Global credentials permit
-
Unusercoded tasks to access a remote system using the credentials file mechanism
-
A default credentials file to be used for a set of users
The normal MCP file security rules govern whether the credentials file can be opened. In the first case, the unusercoded task is the owner of the file and access is granted based upon the owner's privileges. In the second case, the security attributes of the file govern whether a particular user can open the file; the file could be PUBLIC or GUARDED. In either case, a usercoded task first attempts to locate a credentials file under the appropriate usercode. If the file is not found, the search looks for a global file, using the normal MCP file search semantics.
