Functional overview
Mainframe Connector executes as an MVS subsystem, which receives notification of password changes and forwards them to a Bravura Pass server on the TCP/IP network. The Bravura Pass server validates the strength of new passwords, and may reject password changes on the host system. The Bravura Pass server also synchronizes passwords for users if they have been accepted by its own strength rules and by the host system security product.
The Mainframe Connector subsystem is also capable of listening for incoming requests from the Bravura Pass server, the Bravura Identity server, or the Bravura Privilege server. The incoming requests can be any of the following:
Verification of a specified userid/password combination.
Changing the password of a specified userid if the current password is valid.
Resetting the password of a specified userid if a supplied administrator userid/password combination is valid.
Providing feedback on all userid/username combinations defined to the security product database.
Expiring the password of a specified userid if a supplied administrator userid/password combination is valid.
Resetting and expiring the password of a specified userid if a supplied administrator userid/password combination is valid.
Revoking (suspending) access of a specified userid if a supplied administrator userid/password combination is valid.
Resetting revoked (suspended) status of a specified userid if a supplied administrator userid/password combination is valid.
Performing a revoke (suspend) status query for a specified userid if a supplied administrator userid/password combination is valid.
Resetting the password phrase of a specified userid if a supplied administrator userid/password combination is valid.
The mainframe listener does not support passphrase verification. If the mainframe is configured to use passphrase verification, the mainframe listener does not return anything, because that functionality is not available. Possible workarounds include:
Change the target configuration of the mainframe target so that verifications are only done through passwords, not passphrases.
Take the mainframe target out of the Authentication list, so it does not attempt to verify through the mainframe target.
Use the second option, but provide another target type that is a Source of Record, so that the accounts can authenticate without depending on the mainframe.
Mainframe Connector, using its embedded Bravura Identity functions, supports the following Bravura Identity-based protocols:
Create a new userid based on the attributes of a specified model userid
Create a new userid based on the attributes of a specified model userid and additional specified attribute values
Delete an existing userid
Provide feedback on the current attributes for a specified userid
Update, add, and delete attributes for a specified userid
If Mainframe Connector is running on a z/OS system that is using RACF or TopSecret as its security product, the following incoming requests are also supported:
Provide a list of all defined groups
Provide a list of all defined groups and their associated userids
Provide a list of the userids associated with specified groups
Add a userid to a group
Remove a userid from a group
The components of the Mainframe Connector user management system are shown below.
