Security for ETO terminals

ETO provides dynamic LTERM support. You can dynamically create and allocate local LTERMs to a terminal session based on user signon or the application ISRT process. An LTERM can be associated with a specific user ID instead of a physical terminal. By associating an LTERM with a user ID, you prevent the wrong user from receiving messages at a physical terminal.

Related reading: For additional information about ETO security, see Planning a high-security environment with ETO in IMS Version 15.4 Communications and Connections.

The Initialization exit routine (DFSINTX0), which is called before IMS loads ETO descriptors, can cause user-defined security information to be loaded and made available to security exit routines. DFSINTX0 can also be used to request that IMS reverify new passwords during signon.

After calling DFSINTX0, IMS searches for and uses the following security exit routines in order:

1. Logon exit routine (DFSLGNX0)

   You can include the Logon exit routine (DFSLGNX0) in IMS.SDFSRESL when ETO is implemented. DFSLGNX0 is an installation exit routine. Among the other functions of DFSLGNX0, it enables you to do the following:

   • Allow or disallow a logon attempt based on criteria that you specify.
   • Create or modify the user data that you want IMS to pass to the Sign-on exit routine (DFSSGNX0).
2. Sign-on exit routine (DFSSGNX0)

   You can include the Sign-on exit routine (DFSSGNX0) in IMS.SDFSRESL when ETO is implemented. DFSSGNX0 is an user exit routine. Among its other functions, it enables you to allow or disallow a signon attempt based on any criteria that you specify.

   You can also use the DFSSGNX0 exit routine to dynamically create node user descriptors and to create a user structure name that is different from the user ID, using a suffix and the node name.

Related reading: For more information about DFSSGNX0, DFSLGNX0, DFSINTX0, see IMS Version 15.4 Exit Routines.