EXTENDED SECURITY field (EXTSEC subsystem parameter)

The EXTSEC subsystem parameter specifies how two related security options are to be set. These settings control what happens when a DDF connection has security errors and whether RACF® users can change their passwords through the DRDA change password function.

Acceptable values: YES, NO
Default: YES
Update: option 46 on panel DSNTIPB
DSNZPxxx: DSN6SYSP EXTSEC
Subsystem parameter: Yes
YES
Detailed reason codes are returned to a DRDA level 3 client when a DDF connection request fails because of security errors. When SNA protocols are used, the requester must include a product that supports the extended security sense codes. One such product is Db2 Connect.

RACF users can change their passwords by using the DRDA change password function. This support is only for DRDA requesters that have implemented support for changing passwords.

NO
Generic error codes are returned to the clients and RACF users are prevented from changing their passwords.

The EXTSEC subsystem parameter is a security-related parameter. When this parameter is set to YES, detailed reason codes are returned to the client when a DDF connection request fails because of security errors, and that detail might enable more malicious attacks. If this parameter is set to YES, RACF users can change their passwords by using the DRDA change password function.

The EXTSEC subsystem parameter also controls whether Db2 returns the security mechanism used in the thread-information when issuing the DSNL061I message. That is, Db2 returns the security mechanism only when YES is specified. For more information, see DSNL061I.

Recommendation: Specify a value of YES. This setting allows properly enabled DRDA clients to determine the cause of security failures without requiring Db2 operator support. A value of YES also allows RACF users on properly enabled Db2 clients to change their passwords.