Defining LU-to-LU Session Keys
For VTAM® to verify LU-to-LU security, you need to specify an LU's session key in the APPCLU profile. The session key is a 1- through 16-digit hexadecimal value for the SESSKEY keyword, following the SESSION operand. For example:
RDEFINE APPCLU AA1.LU01.AA1.LU02 UACC(NONE) SESSION(SESSKEY(1234CD5))
If the partner LU is also on a RACF-protected system, you need to specify the same session key on the APPCLU profile for the partner LU; for example:
RDEFINE APPCLU AA1.LU02.AA1.LU01 UACC(NONE) SESSION(SESSKEY(1234CD5))
You can include other SESSION keywords to specify the following:
- NOSESSKEY: Delete an unneeded session key.
- LOCK: Lock a profile to prevent sessions from being established for this LU.
- NOLOCK: Unlock a locked profile to allow sessions to be established.
- INTERVAL(n): Set an interval (the number of days the session key is valid) where n is in the range 1 through 32767 and does not exceed a global limit specified by the SETROPTS SESSIONINTERVAL command.
- NOINTERVAL: Specify no limit on the number of days the key is valid.
- NOSESSION: Delete the SESSION segment.
You can change existing APPCLU profiles using the RALTER command. For more information about specifying SESSION keywords on the RDEFINE or RALTER commands, see z/OS Security Server RACF Command Language Reference.
When VTAM receives requests to establish a session with an LU that has an active session key, VTAM verifies that the requesting LU has a matching session key. If the requesting LU does not have a matching session key, VTAM and RACF® send appropriate messages.
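An added example, not taken from the RACF documentation: a Python pre-check for a deck of RDEFINE/RALTER APPCLU commands that applies the rules stated above (1 to 16 hexadecimal digits, the INTERVAL range and global limit, and a matching key on the partner profile). The function names, the sample deck beyond its first two commands, and the rule that a partner profile name swaps the two halves of a four-qualifier name (as the two commands on this page do) are assumptions.

```python
import re

# Matches the RDEFINE/RALTER APPCLU command form shown on this page.
CMD_RE = re.compile(r"^\s*(?:RDEFINE|RALTER)\s+APPCLU\s+(\S+)\s+(.*)$", re.I)
SESSKEY_RE = re.compile(r"\bSESSKEY\(([^)]*)\)", re.I)    # does not match NOSESSKEY
INTERVAL_RE = re.compile(r"\bINTERVAL\((\d+)\)", re.I)    # does not match NOINTERVAL

# Constructed sample deck; only the first two commands come from the page.
SAMPLE = """\
RDEFINE APPCLU AA1.LU01.AA1.LU02 UACC(NONE) SESSION(SESSKEY(1234CD5))
RDEFINE APPCLU AA1.LU02.AA1.LU01 UACC(NONE) SESSION(SESSKEY(1234CD5))
RDEFINE APPCLU AA1.LU03.AA1.LU04 UACC(NONE) SESSION(SESSKEY(0A1B2C3D) INTERVAL(90))
RDEFINE APPCLU AA1.LU04.AA1.LU03 UACC(NONE) SESSION(SESSKEY(0A1B2C3E) INTERVAL(40000))
RDEFINE APPCLU AA1.LU05.AA1.LU06 UACC(NONE) SESSION(SESSKEY(12G4))
"""

def parse(deck):
    """Map profile name -> SESSKEY / INTERVAL values found on its command."""
    profiles = {}
    for line in deck.splitlines():
        m = CMD_RE.match(line)
        if m:
            key = SESSKEY_RE.search(m.group(2))
            ivl = INTERVAL_RE.search(m.group(2))
            profiles[m.group(1).upper()] = {
                "key": key.group(1).upper() if key else None,
                "interval": int(ivl.group(1)) if ivl else None}
    return profiles

def partner_of(name):
    # Assumption: the partner profile swaps the two halves of a four-qualifier
    # name, as AA1.LU01.AA1.LU02 and AA1.LU02.AA1.LU01 do on this page.
    q = name.split(".")
    return ".".join(q[2:] + q[:2]) if len(q) == 4 else None

def lint(deck, global_limit=None):
    """Return (profile, problem) pairs; global_limit is the site's SESSIONINTERVAL."""
    profiles, findings = parse(deck), []
    for name, p in sorted(profiles.items()):
        key, ivl = p["key"], p["interval"]
        if key is not None and not re.fullmatch(r"[0-9A-F]{1,16}", key):
            findings.append((name, "SESSKEY is not 1 to 16 hexadecimal digits"))
        if ivl is not None and not 1 <= ivl <= 32767:
            findings.append((name, "INTERVAL is outside 1 through 32767"))
        elif ivl is not None and global_limit is not None and ivl > global_limit:
            findings.append((name, "INTERVAL exceeds SETROPTS SESSIONINTERVAL"))
        partner = profiles.get(partner_of(name))
        if key is not None and partner and partner["key"] != key:
            findings.append((name, "SESSKEY differs from the partner LU profile"))
    return findings
```

Calling `lint(SAMPLE, global_limit=60)` reports the third through fifth profiles and leaves the page's own pair clean; a partner profile that is absent from the deck is not reported, because the partner LU may not be on a RACF-protected system.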