Stage 2 Security Exit

This control point applies to all environments and is implemented as a user-supplied exit. It provides a standard interface for user ID and password verification and for establishing IBM® Connect:Direct® functional authority and file access verification. Although you can use it for many different purposes, the stage 2 security exit is designed to provide the interface to your security system. You can also use it to invoke an exit to test new applications and customer connections. For more information, see Process Exit for Testing (DGAXPRCT).

The following requirements and restrictions apply:

  • The stage 2 security exit is implemented as an executable load module.
  • The name of the load module is user-defined, but it cannot conflict with any IBM Connect:Direct load modules.
  • Specify the SECURITY.EXIT initialization parameter to activate the stage 2 security exit. This parameter also specifies whether the exit is used for ALL security checking or just DATASET access validation.
  • You must link-edit the module as re-entrant and reusable and place it in a load library that the IBM Connect:Direct DTF can access. Do not specify NCAL. For more information, see IBM Connect:Direct Exits.
  • To prevent a remote node's security from using Signon dummy passwords, you can use the initialization parameter, REMOTE.DUMMY.PASSWORD. See REMOTE.DUMMY.PASSWORD=[ YES | INTERNAL ] for more details.
  • Because information passed to the exit by IBM Connect:Direct is located above the 16-megabyte line, you must link-edit the module with AMODE 31 to make it capable of executing in 31-bit mode. Also, you must use RMODE 24 for PARM validation to work properly. You must link-edit the module as re-entrant and reusable and place it in a load library that the IBM Connect:Direct DTF can access. Do not specify NCAL. Use SDGAJCL member DGAJSAF to perform assembly and link. For more information, see IBM Connect:Direct Exits.