Implementing Strong Password Encryption

To implement the Strong Password Encryption (SPE), you add an SPE record to the Connect:Direct® Secure Plus parameter file in the same way you would any remote node record. After you go through the following procedure and restart IBM Connect:Direct Secure Plus for z/OS®, the SPE feature will be in effect.

About this task

To add an SPE record to the IBM Connect:Direct Secure Plus parameter file and enable the SPE feature follow the procedure given below:
Note: After SPE is implemented, follow the procedure described in Disabling Strong Password Encryption to disable or remove encrypted passwords.

Procedure

  1. Select Edit from the Secure+ Admin Tool Main Screen and press Enter.
  2. On the Edit menu, select 1 to display the Secure+ Create/Update Panel and pressEnter.
  3. On the Secure+ Create/Update panel type .password in the Node Name field and press ENTER. This changes the screen to enable only fields that are appropriate for the .password record.
  4. On the SPE Parameters panel, type Y to the Enable SPE field
    and
    N to the disable SPE.
    Press Enter to enable SPE and finish creating the SPE record by clicking OK.
  5. Save the parameter file using the procedure in IBM Connect:Direct Secure Plus Operation Enablement and Validation.
  6. Restart IBM Connect:Direct Secure Plus for z/OS.
  7. To verify that IBM Connect:Direct Secure Plus for z/OS initialization is complete along with the SPE feature, after you restart IBM Connect:Direct Secure Plus for z/OS, review the task output for the following messages interspersed with the other initialization messages:
    SITA460I  Strong Password Encryption Initiated; CONNECT.CD.AUTH
    SITA462I  Strong Password Encryption Completed; CONNECT.CD.AUTH
    SITA460I  Strong Password Encryption Initiated; CONNECT.CD.TCQ
    SITA462I  Strong Password Encryption Completed; CONNECT.CD.TCQ	
    Note: These messages display even if no .PASSWORD record exists and no encryption is possible. If you return to the Secure+ Create/Update Panel - SPE Parameters screen where you enabled SPE, you should see (SPE currently in use) displayed to confirm that SPE has indeed been implemented.