Conversation Security for an Incoming Allocation Request

A transaction program definition can specify that incoming allocation requests must supply a password and user ID. The password and user ID are optional parameters on the [MC_]ALLOCATE and [MC_]SEND_CONVERSATION verbs or the CPIC calls Set_Conversation_Security_UserID (CMSCSU) and Set_Conversation_Security_PassWord (CMSCSP). If a local transaction program definition specifies conversation security, the attach manager validates the password and user ID of incoming allocation requests. The attach manager rejects the allocation request if a user ID and password are not present, or if they do not match a valid combination of passwords and user IDs.

The attach manager checks the validity of any incoming allocation requests that arrive with a password and user ID, even if the transaction program definition specifies that conversation security is not required. The allocation request is rejected if the password and user ID do not match a valid combination in the list. Thus, if a password or user ID arrives in an allocation request, it is never ignored.