Authentication

In many systems, the user's authenticity is verified by checking a password supplied by the user.

In a system in which there is no possibility of a password being intercepted, this level of authentication may be sufficient; however, in an insecure network, passwords can be intercepted and used to impersonate legitimate users of the system.

In an environment where your applications may be accessed by users across the internet, and by users who are outside the control of your organization, a more secure method of authentication is required.

On the other hand, there are situations where a limited level of authentication is sufficient. If you have a client system that authenticates its users, and communicates with a server in a secure environment, you may not need to authenticate users at the server, but rely entirely on the client's authentication mechanisms.

CICS® supports the following authentication schemes:
Basic authentication
The client's identity is authenticated by a password. This level of authentication is appropriate in an environment where passwords cannot be intercepted and used to impersonate a user.

You can use basic authentication with the HTTP, ECI and IPIC application protocols.

SSL client certificate authentication
The client's identity is authenticated with a client certificate issued by a trusted third party (or Certificate Authority). This level of authentication is appropriate in an environment where information flowing in the network could be intercepted, and used to impersonate a user.

You can use SSL client certificate authentication with the HTTP and IPIC application protocols.

CICS uses password verification to verify a user ID during the processes described here.

CICS enforces a full verification request the first time each day that a user ID is used to log on to the CICS region or is verified through a VERIFY PASSWORD or VERIFY PHRASE command. The full verification request records the date and time of last access for the user ID, and writes user statistics. A full verification is also made if an incorrect password or password phrase is entered, and on the next successful request. In other cases, the command request uses a fastpath method to verify the password or password phrase. For details of the SAF interfaces used, see CICS security control points.
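
The rule above for choosing between full verification and the fastpath, modelled as a small state machine in Python. This is an added illustration, not CICS or SAF code; the class, function and user ID names and the sample events are constructed, and the model assumes the caller supplies the calendar date of each request.

```python
from dataclasses import dataclass, field
from datetime import date

FULL, FASTPATH = "full", "fastpath"


@dataclass
class VerificationModel:
    """Toy model of the rule in the text (hypothetical, not CICS code)."""
    last_full: dict = field(default_factory=dict)  # user ID -> date of last successful full verification
    recheck: set = field(default_factory=set)      # user IDs whose most recent attempt failed

    def verify(self, userid: str, day: date, password_ok: bool) -> str:
        if not password_ok:
            # An incorrect password or phrase results in a full verification
            # and forces another one on the next successful request.
            self.recheck.add(userid)
            return FULL
        if userid in self.recheck or self.last_full.get(userid) != day:
            # First successful use today, or first success after a failure.
            self.recheck.discard(userid)
            self.last_full[userid] = day
            return FULL
        return FASTPATH


def classify(events):
    """Return the verification type for each (user ID, date, ok) event in order."""
    model = VerificationModel()
    return [model.verify(u, d, ok) for u, d, ok in events]


# Constructed sample events: (user ID, date, password correct?)
D1, D2 = date(2024, 1, 8), date(2024, 1, 9)
SAMPLE = [
    ("USERA", D1, True),   # first use of the day
    ("USERA", D1, True),   # same day, no failure since
    ("USERB", D1, True),   # first use of the day for another user ID
    ("USERA", D1, False),  # incorrect password
    ("USERA", D1, True),   # next successful request after the failure
    ("USERA", D1, True),   # back to the normal case
    ("USERA", D2, True),   # first use on the following day
]

if __name__ == "__main__":
    for (user, day, ok), kind in zip(SAMPLE, classify(SAMPLE)):
        print(user, day.isoformat(), "ok " if ok else "bad", "->", kind)
```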