How to: Configure passphrase and MFA support in the OMEGAMON 3270 Classic interface
In addition to using a regular password, you can also log on securely to the OMEGAMON 3270 Classic interface using a password phrase (passphrase) and multi-factor authentication (MFA). Some configuration steps are necessary to enable passphrase and MFA support for the OMEGAMON 3270 Classic interface. This topic explains how to perform this task using either Configuration Manager or PARMGEN.
Before you begin
On a 3270 screen, depending on the screen width, entering a long passphrase value into a field might require multiple lines. For example, if the screen width is 80 bytes, an input field would require multiple lines to support a value longer than 80 bytes. For a wider screen size, you can support a longer value on a single line, up to the available screen width.
About this task
- OMEGAMON for CICS (
C2
) - OMEGAMON for Db2 Performance Expert (
D2
) - OMEGAMON for IMS (
I2
) - OMEGAMON for z/OS (
M2
) - IBM Z OMEGAMON Monitor for z/OS (
M2
)
C2
, D2
, I2
, or M2
, depending on
the supported product. When passphrase support is enabled, the SAF security class is defined by
Kpp_CLASSIC_SECCLASS and the SAF
application ID is defined by Kpp_CLASSIC_SAFAPPL, where pp is
C2
, D2
, I2
, or M2
.- Kpp_CLASSIC_PASSPHRASE
- This parameter specifies the passphrase support setting for the OMEGAMON 3270 Classic interface.
Note: In the following figures, a ruler is shown on the screen. The ruler is included in the documentation for illustrative purposes only and is not displayed in the product.
- PARTIAL
- Passphrase support is enabled with the PASSWORD and NEW
PASSWORD fields each consisting of a single line. The minimum length of each of these
fields is 34 bytes, and the maximum length (which can be up to 100 bytes) depends on the screen
width. With this setting, the fields are aligned in the center of the screen, as shown in the
following
figure:
> Copyright 1980-2022 > IBM Corporation. All rights reserved. > Use permissible by license only. > ENTER USERID ==> PASSWORD ==> GROUP ==> NEW PASSWORD ==> Press F3 to exit logon |...+....1....+....2....+....3....+....4....+....5....+....6....+....7....+....8 12345678901234567890123456789012345678901234567890123456789012345678901234567890
Note: Passphrase support for the OMEGAMON 3270 Classic interface is introduced with APAR OA57133 (PTF UA98944). With the PARTIAL setting, the input field labels and placement are compatible with the screen layout before passphrase support was introduced. - MAX62
- Passphrase support is enabled with the PASSWORD and NEW
PASSWORD fields each consisting of a single line. The minimum length of each of these
fields is 62 bytes, and the maximum length (which can be up to 100 bytes) depends on the screen
width. With this setting, the fields are aligned at the left of the screen, as shown in the
following
figure:
> Copyright 1980-2022 > IBM Corporation. All rights reserved. > Use permissible by license only. > ENTER USERID ==> PASSWORD ==> GROUP ==> NEW PASSWORD ==> Press F3 to exit logon |...+....1....+....2....+....3....+....4....+....5....+....6....+....7....+....8 12345678901234567890123456789012345678901234567890123456789012345678901234567890
- FULL
- Passphrase support is enabled with the PASSWORD and NEW
PASSWORD fields each consisting of two lines. The value in the second line is
concatenated onto the end of the value in the first line. The length of the first line is 34 bytes
and the length of the second line is 66 bytes, allowing the maximum passphrase value of 100 bytes to
be entered. With this setting, the fields are aligned in the center of the screen, as shown in the
following
figure:
> Copyright 1980-2022 > IBM Corporation. All rights reserved. > Use permissible by license only. > ENTER USERID ==> PASSWORD ==> GROUP ==> NEW PASSWORD ==> Press F3 to exit logon |...+....1....+....2....+....3....+....4....+....5....+....6....+....7....+....8 12345678901234567890123456789012345678901234567890123456789012345678901234567890
- NO or NONE
- Passphrase support is not enabled. The lengths of the PASSWORD and
NEW PASSWORD fields are eight bytes each. With this setting, if you have
external security defined using a security exit, the fields are aligned in the center of the screen,
as shown in the following
figure:
> Copyright 1980-2020 > IBM Corporation. All rights reserved. > Use permissible by license only. > ENTER USERID ==> PASSWORD ==> GROUP ==> NEW PASSWORD ==> Press F3 to exit logon |...+....1....+....2....+....3....+....4....+....5....+....6....+....7....+....8 12345678901234567890123456789012345678901234567890123456789012345678901234567890
Note: If you do not have external security defined, none of the fields for credentials appear on the logon screen.
Use the following procedure to enable passphrase and MFA support for your OMEGAMON 3270 Classic interface. If you do not want to use passphrase or MFA when logging on to the OMEGAMON 3270 Classic interface, no configuration changes are needed.
Procedure
To enable passphrase support for your OMEGAMON 3270 Classic interface, perform the following steps for each of your supported OMEGAMON products. Use either of the following methods: