z/OS TSO/E Customization
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF

Customizing the logon and logoff process

z/OS TSO/E Customization

This chapter describes how you can customize the logon and logoff process to suit the needs of your installation.

If you want to allow TSO/E users to logon using passwords that are greater than 8 characters in length, you can select an alternate TSO/E logon panel that allows users to enter longer passwords, which are named password phrases or pass phrases. For details on how to activate the alternate logon panel, see Activating password phrase support. Starting with z/OS® Version 1 Release 12, TSO/E no longer syntax checks passwords. Instead they are passed directly to the security product for verification. This allows special characters to be entered that were not previously accepted by TSO/E. However, RACF® does not allow special characters other than the national characters (@, #, and $) so RACF users are not impacted by this change. For more information about the syntax rules RACF enforces for passwords, see the z/OS Security Server RACF Security Administrator's Guide.

If you want to use the APPL class in RACF to prevent TSO/E users from logging on to certain systems in a sysplex, there is an option in TSO/E for verifying that users are authorized to log on to the specific system that they are attempting to access. See Activating APPL verification for more information.

When users log on, they might receive a message notifying them that logon is in process. Customizing logon messages describes how to change how often the message occurs.

If a user supplies incorrect information when attempting to log on, TSO/E requests that the user reenter the information. Limiting the number of logon attempts explains how to change the number of times a user can unsuccessfully enter information before having to start over and reissue the LOGON command.

When a user disconnects from the system, the user's address space remains available for a certain period of time. While the address space is available, the user can reconnect without going through the logon process. Customizing the reconnect option of the LOGON command describes how to change the length of time a user's address space remains available.

Each time a user logs off, the system writes several messages to a SYSOUT data set. Because you rarely need to refer to the messages, you might want to send the SYSOUT data set to a class you can hold and later purge. For more information, see Suppressing the SYSOUT data set generated from the logon job.

You might want to review the factors that affect the performance of the logon process. For an overview of those factors, see Improving the performance of the logon process.

The TSO segment, which includes the TSO profile, will only be written to the RACF database if it has changed during the TSO/E session where the user is issuing LOGOFF.

With RACF installed, your installation can use security labels (SECLABELs). Users can specify a SECLABEL during logon. For an overview of security labels, see Using SECLABEL on the logon process.

TSO/E provides several exits that enable you to customize the logon and logoff processes. Using the exits, you can modify the logon process:
  • Before the logon prompt, using the pre-prompt exit IKJEFLD/IKJEFLD1
  • Before the display of the logon panel, using the pre-display exit IKJEFLN1
  • After the display of the logon panel, using the post-display exit IKJEFLN2
  • After the prompting has completed, using the post-prompt exit IKJEFLD3.
You can perform several functions to customize the logon process:
  • Verify, change, or supply various logon parameters
  • Modify JCL associated with the logon procedure
  • Reference or update various TSO/E control blocks.

For an overview of each logon exit and the different processing operations each exit performs, see Overview of logon exit processing.

TSO/E supports the authorized logoff exit, IKJEFLD2, to customize the logoff process. IKJEFLD2 allows your installation to perform clean-up operations and tasks. During logoff, IKJEFLD2 can:
  • Change certain data areas and control blocks
  • Control information written to the UADS data set
  • Issue the LOGOFF or LOGON command to control re-logons.

For more information about the logoff exit, see Writing a logoff exit (IKJEFLD2).

Also, you can customize the logon panels using the source provided. You can customize panels in a variety of ways, including adding or changing fields in a panel. See Customizing logon panels and logon help panels for more information on the logon panel modules.

You can also customize the logon help panels by using the source provided. See Logon help panel for more information on the help panel modules.

Go to the previous page Go to the next page

Copyright IBM Corporation 1990, 2014