Signing On to a Single DTF from Multiple IUI Facilities
Not only can you sign on to multiple DTF facilities from a single CICS® IUI, but you can also sign on to a DTF from multiple CICS IUI systems. To sign on to a DTF from multiple CICS IUI systems, note the following:
- If you are using the DGASECUR
macro to generate your DTF security exit and provide a value for the
CICSID keyword at exit generation, all CICS systems
accessing that DTF must specify the same CICSID in their signon requests
as specified in the CICSID keyword. The password for the CICS signon to a DTF is always
- If the CICSID keyword is not specified in the DGASECUR macro, no checking of CICSIDs for CICS signon requests are performed in the signon exit; however, the CICSID value with a password of CICSIUI are passed to your security facility (if available) or to the IBM® Connect:Direct® Authorization Facility for validation. The CICSID to be used when signing on to a particular DTF is specified in the CICS DTF NODE configuration record for that DTF.
- The CICSID equals the userid that is specified on the DTF NODE RECORDS SCREEN. If you let CICSID default at installation time, the value is CICSUSER. For example, CICSID=CICSUSER.
- Reassemble the supplied security exit for the value to take effect.
- If you do not want to use the DGASECUR macro to generate your DTF security exit, you can recognize the Connect:Direct for z/OS® dummy signon by checking the password, which is always CICSIUI. When a dummy signon is received from Connect:Direct for z/OS, your security exit returns an Authorization Bit Mask (ABM) of binary zeros.
- To implement the CICS IUI on a base IBM Connect:Direct that has Stage 2 security turned on, modify the supplied security exit. The exit to be modified depends on which security product is running on the system.