Specifying the Level of Conversation Security for VTAM
- Value
- Means VTAM will accept:
- NONE
- Requests that contain no security information (the default)
- CONV
- Requests with security information specified
- ALREADYV
- Requests with security information specified, and requests with an indication that security information is already verified (includes CONV). Use only between trusted LUs.
- PERSISTV
- Requests with security information specified, and requests with an indication of persistent verification. For more information about persistent verification, see Using Persistent Verification (PV).
- AVPV
- Requests with security information specified, and requests with indications of already verified or persistent verification.
APPL ACBNAME=LU02... SECACPT=CONV
The above statement tells VTAM to accept conversation requests for LU02 that have security information (user ID and password) such as TPA specifies.
Suppose the APPL definition for LU02 specified SECACPT=NONE instead of CONV, and TPA issues the same Allocate call, as shown in Figure 1. The security information for the outbound TP is greater than the SECACPT value of the partner LU. In such cases, the system downgrades or removes security information from the outbound Allocate request, so that the request matches the minimum security requirements for the partner LU. The results might not be what you expected for this conversation.
The SECACPT value that you specify on the VTAM APPL statement provides the default level of acceptable conversation security. You can override that level using the RACF® APPCLU profiles, as described in Defining Conversation Security Levels that Sessions Allow.