ACCSEC command (X'106D')

The ACCSEC DDM command is used to determine the type of security checking that is performed when an application program on the source server connects to a database on the IMS target server.

The source server uses the ACCSEC command to negotiate with the IMS target server which type of security mechanism, as defined by the DDM architecture, is used for identification and authentication. IMS supports only the user ID and Password Security Mechanism (USRIDPWD) of the DDM architecture. The ACCSEC command must always precede the SECCHK command when any of the valid security mechanisms are active.

Format

Read syntax diagramSkip visual syntax diagramDSSHDRLLCPSECMECRDBNAM

Parameters

DSSHDR
The 6-byte header that contains information about the data stream structure (DSS).
LL
The length specified as a 2-byte binary integer. This length includes LL and CP.
CP
X'106D', the 2-byte codepoint of the ACCSEC command.
SECMEC
A required parameter that specifies the security mechanism that the source server uses when interacting with the IMS target server. IMS supports only the USRIDPWD security mechanism of the DDM architecture. To specify USRIDPWD enter a 2-byte binary number 3 in the SECMEC parameter.
RDBNAM

An optional parameter (X'2110') that contains the IMS PSB name that identifies the target database. The PSB name is a character string up to 8 bytes long. RDBNAM can optionally include the alias name of the IMS data store.

Usage

During the initial handshaking between the source and target DRDA servers, the source server must issue the EXCSAT command chained to the ACCSEC command.

In a successful exchange, the IMS target server returns the ACCSECRD reply data object in response to the ACCSEC command. The ACCSECRD reply object identifies the security mechanism that is used by the IMS target server to the source server. In a successful exchange, the value returned in the ACCSECRD reply object is the same as the value of the SECMEC parameter of the ACCSEC command.

If the IMS target server detects an error while processing the ACCSEC command, the ACCSECRD reply object contains the SECCHKCD parameter. In the ACCSECRD reply object, the SECCHKCD parameter has an implied severity code of ERROR. After an error, the ACCSEC command must be sent again before a SECCHK command can be sent to authenticate the connection.

Chained command objects

No command objects can be chained to the ACCSEC command.

Reply data objects

In response to the ACCSEC command, the IMS target DDM server can return to the source DDM server the following reply data objects:

ACCSECRD (X'14AC')
Access security reply data.

Error reply messages

In response to the ACCSEC command, the IMS target DDM server can return to the source DDM server the following reply messages:

Table 1. Possible reply messages for the ACCSEC command
Codepoint of reply message Name of reply message Meaning of reply message
X'121C' CMDATHRM Not Authorized to Command
X'1232' AGNPRMRM Permanent agent error
X'1233' RSCLMTRM Resource limits reached
X'123C' INVRQSRM Invalid request
X'124C' SYNTAXRM Data stream syntax error
X'1250' CMDNSPRM Command not supported
X'1251' PRMNSPRM Parameter not supported
X'1252' VALNSPRM Parameter value not supported
X'1254' CMDCHKRM Command check reply message
X'125F' TRGNSPRM Target not supported