Defining LU-to-LU Session Keys

For VTAM® to verify LU-to-LU security, you need to specify an LU's session key in the APPCLU profile. The session key is a 1- through 16-digit hexadecimal value for the SESSKEY keyword, following the SESSION operand. For example:
RDEFINE APPCLU AA1.LU01.AA1.LU02 UACC(NONE) SESSION(SESSKEY(1234CD5))
If the partner LU is also on a RACF-protected system, you need to specify the same session key on the APPCLU profile for the partner LU; for example:
RDEFINE APPCLU AA1.LU02.AA1.LU01 UACC(NONE) SESSION(SESSKEY(1234CD5))
You can include other SESSION keywords to specify the following:
NOSESSKEY
Delete an unneeded session key.
LOCK
Lock a profile to prevent sessions from being established for this LU.
NOLOCK
Unlock a locked profile to allow sessions to be established.
INTERVAL(n)
Set an interval (the number of days the session key is valid) where n is in the range 1 through 32767 and does not exceed a global limit specified by the SETROPTS SESSIONINTERVAL command.
NOINTERVAL
Specify no limit on the number of days the key is valid.
NOSESSION
Delete the SESSION segment.

You can change existing APPCLU profiles using the RALTER command. For more information about specifying SESSION keywords on the RDEFINE or RALTER commands, see z/OS Security Server RACF Command Language Reference.

When VTAM receives requests to establish a session with an LU that has an active session key, VTAM verifies that the requesting LU has a matching session key. If the requesting LU does not have a matching session key, VTAM and RACF® send appropriate messages.
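
A mismatch between the two partner profiles only surfaces when a session is refused, so it helps to check a batch of commands before submitting them. The following is an added example, not part of the IBM documentation: a small Python check that reads RDEFINE/RALTER APPCLU commands in the form shown above and reports session keys that are not 1 to 16 hexadecimal digits, INTERVAL values outside 1 through 32767, and partner profiles whose keys differ. It assumes the four-qualifier profile names of the two examples on this page and compares keys as written; the function names and the LU03/LU04 sample lines are constructed for illustration.

```python
import re

# Constructed sample: the page's two commands plus two deliberately bad ones.
SAMPLE = """
RDEFINE APPCLU AA1.LU01.AA1.LU02 UACC(NONE) SESSION(SESSKEY(1234CD5))
RDEFINE APPCLU AA1.LU02.AA1.LU01 UACC(NONE) SESSION(SESSKEY(1234CD5))
RDEFINE APPCLU AA1.LU03.AA1.LU04 UACC(NONE) SESSION(SESSKEY(9F00) INTERVAL(40000))
RDEFINE APPCLU AA1.LU04.AA1.LU03 UACC(NONE) SESSION(SESSKEY(9G00))
"""

CMD = re.compile(r"^\s*(?:RDEFINE|RALTER)\s+APPCLU\s+(\S+)\s+(.*)$", re.I)
KEY = re.compile(r"\bSESSKEY\(([^)]*)\)", re.I)        # NOSESSKEY has no value
INTERVAL = re.compile(r"\bINTERVAL\(([^)]*)\)", re.I)  # NOINTERVAL has no value

def parse(commands):
    """Map each APPCLU profile name to its SESSKEY and INTERVAL (or None)."""
    profiles = {}
    for line in commands.splitlines():
        m = CMD.match(line)
        if not m:
            continue
        key, ivl = KEY.search(m.group(2)), INTERVAL.search(m.group(2))
        profiles[m.group(1).upper()] = {
            "key": key.group(1).upper() if key else None,
            "interval": ivl.group(1) if ivl else None}
    return profiles

def mirror(name):
    """AA1.LU01.AA1.LU02 -> AA1.LU02.AA1.LU01 (assumed four-qualifier form)."""
    q = name.split(".")
    return ".".join(q[2:] + q[:2]) if len(q) == 4 else None

def audit(commands):
    """Return (profile, problem) pairs; key values are never echoed."""
    profiles, findings = parse(commands), []
    for name, p in sorted(profiles.items()):
        key, ivl = p["key"], p["interval"]
        if key is not None and not re.fullmatch(r"[0-9A-F]{1,16}", key):
            findings.append((name, "SESSKEY is not 1-16 hex digits"))
        if ivl is not None and not (ivl.isdigit() and 1 <= int(ivl) <= 32767):
            findings.append((name, "INTERVAL outside 1-32767"))
        partner = mirror(name)  # absent partner is allowed: it may not be on RACF
        if partner in profiles and profiles[partner]["key"] != key:
            findings.append((name, "session key differs from " + partner))
    return findings

if __name__ == "__main__":
    for profile, problem in audit(SAMPLE):
        print(profile + ": " + problem)
```

The check cannot see the global limit set by SETROPTS SESSIONINTERVAL, so an INTERVAL that passes here can still be rejected by RACF.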