Security

The default security value for CPI Communications conversations is SAME (XC_SECURITY_SAME). In z/VM, two additional security levels, NONE (XC_SECURITY_NONE) and PGM (XC_SECURITY_PROGRAM) are available. z/VM provides a routine called Set_Conversation_Security_Type (XCSCST) that lets a program explicitly specify the security value for the conversation. The security type also can be set in side information by using the :security. tag.

When the security type is PGM, an access security user ID and password must be provided. They can be supplied on the :userid. and :password. tags in side information if :security.PGM has been specified there. These values can also be provided explicitly within a program by calling the z/VM-provided routines Set_Conversation_Security_User_ID (XCSCSU) and Set_Conversation_Security_Password (XCSCSP). The access security user ID associated with a conversation can be obtained with the Extract_Conversation_Security_User_ID (XCECSU) routine.

If there are concerns about placing security information in a file, the values can be provided in an APPCPASS statement in the virtual machine's CP directory. Entries in an APPCPASS statement do not override a value provided in either side information or on an explicit Set call.

Values provided on an explicit security Set call override any corresponding information in side information and take precedence over information in an APPCPASS statement for the conversation. However, when the security type is PGM, if only a user ID is provided or neither a user ID nor a password is provided either in side information or with an explicit Set call, then the CP directory is checked for an APPCPASS statement to supply the missing information. A CM_PRODUCT_SPECIFIC_ERROR occurs if the security type is PGM and only a security password is provided.

See z/VM: Connectivity for further information on the security types provided by z/VM.