Skip to main content

UCTL_ACCESS - UCTL UACL entry

Description

A UCTL_ACCESS UACL entry either allows or denies access to Universal Control Server services.

If access is permitted, UCTL_ACCESS also specifies whether or not user authentication is required.

There are two forms of the UCTL_ACCESS entry based on the client identification method:

  • uctl_access form is for IP-based client identification.
  • uctl_cert_access is for X.509 certificate-based client identification.

A uctl_access UACL entry is matched if all of the following occur:

  • Request comes from an IP address identified by host.
  • Remote end is executing as user remote_user.
  • Remote user is requesting to execute a command as local user local_user.

A uctl_cert_access UACL entry is matched if both of the following occur:

  • Request comes from a client with a certificate identifier of certid.
  • Remote user is requesting to execute a command as local user local_user.

The first matching rule is used to control access.

See Universal Access Control List (UACL) for details on host, remote_user, local_user, and certid specification syntax.

Usage

Method

Syntax

IBM i

UNIX

Windows

z/OS

UACL File Keyword

uctl_access host,remote_user,local_user,access,auth

uctl_cert_access certid,local_user,access,auth

Values

Valid values for access are:

  • deny
    Service is denied. A message is returned to the remote end. The connection is closed.
  • allow
    Service is accepted and processed.

Valid values for auth are:

  • auth
    Local user account must be authenticated. The Manager must provide a proper password for the account.
  • noauth
    User ID provided by the Manager does not have to match the user process being stopped.
tip

Additionally, noauth specifies that the local user account does not require user authentication. The Manager still must supply a password to satisfy command syntax rules, but it will not be verified. Any password value will suffice.

tip

To set noauth via the Universal Configuration Manager, de-select Require matching local user account when you are adding or editing an Access ACL (uctl_access) entry.

info

noauth should be used with care. Turning off user authentication may violate your local security policies on the Server system.