About Security Managers

Security managers process the security queries generated by the ESF, and return either an allow, deny, or unknown status. You can configure multiple security managers in an installation's security manager pool. From the pool, you can create a default list of the security managers to use and lists for individual Enterprise Servers.

Note: Security managers are sometimes referred to as External Security Managers, or ESMs.

The ESF sends security queries to the security managers in the order in which they are configured in the list.

You configure Enterprise Server to:

Enterprise Server includes the following security managers that you can configure and use:

osesm
This security manager provides access to the Windows operating system's user configuration. You can use it to authenticate Windows users.
mldap_esm
This security manager allows you to integrate your Enterprise Server security with an LDAP. You can use mldap_esm with both Microsoft Active Directory, and other LDAPs, for example, OpenLDAP. With mldap_esm, you can implement access control for users, and for the resources and files that an application uses.
pam_esm
On Linux, this security manager provides access to the Pluggable Authentication Modules (PAM) framework. You can use it to authenticate Linux users.
vsam_esm
This security manager provides authentication and authorization using security data stored in COBOL indexed files. It is a simpler alternative to mldap_esm if you do not need a central repository of security data or some of the advanced features of mldap_esm. As of the 10.0 release, it is used to implement default security when the product is installed fresh, not upgraded from a previous release. See The Default Enterprise Server Security Configuration for more information.
MFDS Internal Security
Directory Server security can be implemented through the MFDS internal security manager. This security manager is used for Directory Server when no other security manager is present in its security manager list. It enables you to specify users and groups, and restrict access to Enterprise Server administration functions.
Note: MFDS Internal Security is now deprecated.Micro Focus recommends you use a security manager with vsam_esm instead.
CASESM
The CAS ESM Module (casesm) uses the Enterprise Server legacy security definitions which are stored in the CICS resource tables. This is the model used in Net Express or Server Express 5.0 and earlier.

This enables you to use any security configurations from Net Express or Server Express prior to release 5, which uses the current architecture.

Note: casesm can only be used within CAS and the CAS command-line utilities, and is ignored by MFDS, MFCS, and any non-CAS utilities such as esfadmin.

casesm is now deprecated.Micro Focus recommends you use a security manager with vsam_esm instead.

In addition to the above, security managers can be anything that processes the API security queries that the ESF generates, and that can return results to the ESF. You can develop a security manager to suit your requirements. A security manager could be a database, a directory, or an operating system mechanism.