Adding or modifying a user
To allow users to create accounts for themselves or for other users so they can use Z and I Emulator for Web sessions, select Allow users to create accounts on the Users/Groups window.
To modify a user, right-click the user and select Properties.
To add a user:
- Click Users/Groups in the Administration window.
- Click New User on the Users/Groups window.
- Enter the required information.
- User ID
- Type the User ID. The valid characters are A-Z, a-z, 0-9, $, #, @, . (period), and - (hyphen). When using LDAP, User IDs can be mixed case. When using Z and I Emulator for Web to store configuration information, User IDs are converted to lowercase characters. IDs must be unique. You cannot have a user ID and a group ID that are the same, even if one is in lowercase and the other is in uppercase.
Note for Windows users: If your users log on to a Windows domain, you can allow them to log on to Z and I Emulator for Web using their Windows user name. This option is configured in the Deployment Wizard by selecting Automatically log users on to Z and I Emulator for Web using Windows username.
- Description
- Type a description of the user. You can use any character except | (vertical bar) and # (number or pound sign).
- New Password
- Type a password. You can use any character. A password is not required.
- Confirm Password
- Enter the password again.
- Disable Blank Passwords
- The administrator can set a specific property on the Z and I Emulator for Web Server to restrict the usage of blank passwords. A new property has been added in the config.properties file in the Z and I Emulator for Web publish directory.
- Select one or more groups for the new user from the Not a member of list and click Add. A user must be a member of at least one group.
If you are using LDAP, a user can be a member of only one group. Select the group that you want the user to be a member of.
- If you do not want the user to be able to save preferences (changes that the user might make to a host session configuration), select Do not save preferences. This feature is useful for user IDs shared by more than one person.
- If you do not want the user to change the password, select User cannot change password.
- If you use native authentication, select Use Native Authentication and enter a user ID to be used for the authentication process.
- Click Apply. Repeat the steps above to create another user account.
- Click Close when you finish.
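The field rules above can be checked in bulk before accounts are created. The following is an added example, not code from Z and I Emulator for Web: the record layout, the function name and the allow_blank_passwords switch (standing in for the blank-password property, which this page does not name) are hypothetical, and the sample records are constructed.

```python
import re

# Characters the page allows in a User ID: A-Z, a-z, 0-9, $, #, @, period, hyphen.
USER_ID_RE = re.compile(r"[A-Za-z0-9$#@.\-]+")
# Characters the page disallows in a description.
DESCRIPTION_FORBIDDEN = set("|#")


def audit_accounts(users, group_ids, using_ldap=False, allow_blank_passwords=True):
    """Return sorted (user_id, finding) pairs; record keys are hypothetical."""
    findings = []
    groups_folded = {g.lower() for g in group_ids}
    seen = {}
    for user in users:
        uid, folded = user["id"], user["id"].lower()
        if not USER_ID_RE.fullmatch(uid):
            findings.append((uid, "invalid character in user ID"))
        # A user ID may not equal a group ID even when only the case differs.
        if folded in groups_folded:
            findings.append((uid, "user ID collides with a group ID"))
        # Assumption: user IDs are compared case-insensitively with each other too.
        if folded in seen:
            findings.append((uid, f"user ID duplicates {seen[folded]}"))
        seen.setdefault(folded, uid)
        if DESCRIPTION_FORBIDDEN & set(user.get("description", "")):
            findings.append((uid, "forbidden character in description"))
        if not allow_blank_passwords and not user.get("password"):
            findings.append((uid, "blank password"))
        groups = user.get("groups", [])
        if not groups:
            findings.append((uid, "not a member of any group"))
        elif using_ldap and len(groups) > 1:
            findings.append((uid, "LDAP user in more than one group"))
    return sorted(findings)


# Constructed sample records, not exported from a real server.
SAMPLE_GROUPS = ["HOD", "Ops"]
SAMPLE_USERS = [
    {"id": "alice", "description": "Helpdesk", "password": "x9!k", "groups": ["HOD"]},
    {"id": "ops", "description": "Shared ID", "password": "", "groups": ["Ops"]},
    {"id": "bob smith", "description": "Dev #2", "password": "pw", "groups": []},
    {"id": "Alice", "description": "", "password": "pw", "groups": ["HOD", "Ops"]},
]

if __name__ == "__main__":
    for uid, finding in audit_accounts(SAMPLE_USERS, SAMPLE_GROUPS, True, False):
        print(f"{uid}: {finding}")
```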
The new/edit user window provides a check box that the administrator can use to enable RACF authentication for a new or existing user. By default, RACF authentication is disabled. With this option enabled, the user is authenticated by the native authentication feature available on z/OS.
The RACF authentication service on Z and I Emulator for Web allows users to log on to Z and I Emulator for Web using the native authentication feature available on z/OS. When such a user logs on, the password is validated against the password stored in RACF (configured to LDAP on z/OS) rather than against the Z and I Emulator for Web password stored in LDAP under the user password attribute. When a user logs on:
- The user ID and password are sent to the Z and I Emulator for Web configuration server.
- The configuration server sends an LDAP query command to the LDAP server and retrieves the user information stored on the LDAP server.
- If the authentication type for that user is RACF, the Z and I Emulator for Web configuration server sends a bind request to that node (representing a Z and I Emulator for Web user) on LDAP.
- For a RACF user, the LDAP server, after receiving the bind request, determines that the user (node on LDAP) is to be authenticated using the z/OS native authentication feature and forwards the request to RACF.
- RACF compares the user password with the password in its own store and sends a bind response back to the LDAP server. The LDAP server sends the bind response back to the Z and I Emulator for Web configuration server.
- Based on the bind response, the configuration server finally authenticates the end user.