LOGON

Read syntax diagramSkip visual syntax diagramLogonLogin userid password1 ACcountnnnnnnnnAPLBYbyuseridCHANGEHEREIplvdevsysnameNOiplMACHineESAXAXCZNORUNQUIETSEClabelssssssssStoragenuTEXTFALLBack# console_input_data
Notes:
  • 1 The password operand is not accepted if password suppression is active.

Authorization

Privilege Class: Any

Purpose

Use LOGON or LOGIN to access the virtual console of the specified virtual machine (userid).

Operands

userid
is the identifier assigned to you in the system directory.
password
is the word or phrase that proves your identity to the system. If you omit password, the system will prompt you for it.

Passwords longer than 8 characters or that contain special characters such as blanks, called password phrases, are permitted only when an external security manager (ESM), such as RACF®, is used. Check with your system administrator to find out if an ESM is in use and if it is configured to allow password phrases. Refer to Usage Notes for more information about passwords.

ACcount nnnnnnnn
specifies an alternate account number to be assigned to your virtual machine at logon time. This account number must be valid in order for the LOGON command to be completed successfully. If you do not specify this option, the primary (or first) account number specified in your entry in the system directory is used.
APL
specifies that upon successful completion of the user logon, the control program is to use an APL or TEXT translation table for translating console input and output rather than the standard translation table. This option of the LOGON command provides the same function as the TERMINAL APL ON or the TERMINAL TEXT ON commands.
BY byuserid
specifies a BYUSER for the user ID. The password of the BYUSER is used for LOGON authorization checking for the user ID. The BYUSER must be listed on a LOGONBY statement in the directory entry for the user ID to use the BY operand. Refer to usage note 11 for information on ESM considerations.
CHANGE
specifies the user wishes to change their password. If your system is configured with an ESM, you may be able to use the CHANGE operand to enter into a change password dialog. If your system does not use an ESM or if the ESM does not support the CHANGE operand, the operand is ignored.
HERE
specifies that if this user ID is already logged on, it should be disconnected from its current terminal and reconnected at the terminal where this logon is requested.
Ipl vdev
Ipl sysname
specifies the virtual device number or named saved system that you want IPLed upon completion of your logon processing. This option overrides the IPL statement (if any) specified in your entry in the system directory. The validity of the IPL operand you specify is determined by the IPL command processor after your logon is completed; it is not verified as part of the LOGON command processing.
NOipl
specifies that the IPL device specified in your entry in the system directory should not be used for an automatic IPL.
MACHine ESA
MACHine XA
MACHine XC
MACHine Z
specifies the mode (architecture) of the virtual machine. This option overrides the MACHINE statement (if any) that is specified in your entry in the system directory. For further information on the MACHINE directory statement, see z/VM: CP Planning and Administration.

ESA designates ESA/390 (31-bit) architecture. An ESA virtual machine initially operates in ESA/390 architecture; the guest can switch the virtual machine between ESA/390 and z/Architecture.

XA is supported for compatibility and is functionally equivalent to ESA.

XC designates ESA/XC architecture. An XC virtual machine initially operates in ESA/XC architecture; the guest can switch the virtual machine between ESA/XC and z/XC.

Z designates a guest that executes only in z/Architecture® mode.

See usage note 22.

NORUN
specifies that upon successful completion of the user logon, the virtual machine is placed in a terminal CP READ state, and RUN is set OFF.
QUIET
suppresses the display of all informational LINK messages, system log messages, and information regarding spooled virtual reader, printer, and punch files.
SEClabel ssssssss
specifies that the user is requesting to logon with a specific security label, identified by ssssssss. ssssssss is specified as a 1- to 8-character alphanumeric value. This operand is valid only when an ESM is installed and security label checking is enabled. For additional information, contact your security administrator.
Storage nu
specifies an alternate storage size to be assigned to your virtual machine. The storage size is specified in the form nu, where n is a 1- to 8-digit decimal number and u is the 1-character storage unit suffix:
Table 1. Maximum Input Values for Storage Units
Storage unit Suffix (u) Maximum input value (n)
Kilobytes K 99999999
Megabytes M 99999999
Gigabytes G 99999999
Terabytes T 16777216
Petabytes P 16384
Exabytes E 16
Notes:
  1. A K specification is rounded up to a MB value.
  2. The maximum input value of 99999999 for the K, M, or G suffix is not a size limit but the physical limit of the operand (8 digits plus suffix). If the maximum input value for one of these suffixes does not allow you to define the amount of storage you want, you need to use a larger storage unit.
  3. An ESA/XC virtual machine can address up to 2 GB of storage in its base address space.
  4. The value you specify for this option must be valid in order for the logon to be completed successfully. If you do not specify a value, the storage size defined in the user directory entry for your virtual machine is used. The maximum allowed value is the maximum storage size defined in the user directory entry for your virtual machine. The maximum cannot exceed a processor-specific limit imposed at run time.
TEXT
specifies that upon successful completion of the user logon, the control program is to use an APL or TEXT translation table for translating console input and output rather than the standard translation table. This option of the LOGON command provides the same function as the TERMINAL APL ON or the TERMINAL TEXT ON commands.
FALLBack
specifies that the user wants to perform a fallback logon.

This parameter is only relevant if an external security manager (ESM) is installed and the ESM supports this operand. Further processing may depend on ESM configuration, user authorization, or other factors. Refer to your ESM documentation for further information.

#console_input_data
is data that you want used as virtual console input in response to the first read your virtual machine issues. You may use the remainder of the command line to enter console data. The entire line, including any logical-line-end characters (#), is passed to your virtual machine.
Note: # refers to whatever logical-line-end character is the current system default.

Usage Notes

  1. Upon a successful logon, CP creates your virtual machine configuration based upon information contained in the system directory.
  2. Except for recognizing the system default logical-line-end character as the delimiter preceding a console_input_data operand, line-editing is not performed on any of the fields of the system logon screen or on responses to prompts before logon completes successfully.
  3. A virtual machine is allowed to log on even though the number of users already logged on is equal to or greater than the maximum allowed by the MAXUSERS operand of the FEATURES system configuration statement or by the SET MAXUSERS command if the user directory for the virtual machine was created using the IGNMAXU operand of the OPTION directory statement.
  4. For compatibility, z/VM® continues to accept the XA virtual machine designation. However, whether the virtual machine is defined as XA or ESA makes no difference when running on z/VM. A virtual machine defined as XA has the capabilities of an ESA virtual machine and is considered to be an ESA virtual machine simulating the ESA/390 architecture (or z/Architecture, if a guest has issued the instruction to change the architecture of the virtual machine).
  5. CP does not support System/370 architecture (370 mode) virtual machines. If a LOGON is attempted for a virtual machine whose directory entry specifies 370 mode, the LOGON command is completed, but the virtual machine is set to XA mode instead of 370 mode. Message HCP1512E is issued to inform the user.
  6. If a LOGON is attempted for a virtual machine whose directory entry specifies z/Architecture-only mode, but the relocation domain does not support that mode, the LOGON command is completed, the virtual machine is set to ESA mode instead, and message HCP1512E is issued to inform the user.
  7. If you were disconnected from your virtual machine because of a console error, you have an installation-defined grace period (usually up to 15 minutes) to log on again. If you do not log on within the grace period, your virtual machine is automatically logged off. If this happens, you may have to reconstruct files and restart jobs that were interrupted by the error.
  8. When you enter the LOGON command to reconnect to your virtual machine, the options NOIPL, IPL, ACCOUNT, MACHINE, SECLABEL, and STORAGE are ignored. If you enter any of these options, you receive an informational message and the value is not changed. The console-input data line is also ignored.
  9. If your virtual machine is running in disconnected mode, and you enter the LOGON command to reconnect your console, certain SET and TERMINAL command operands are forced OFF. You can enter the QUERY SET and QUERY TERMINAL commands to check which functions are currently active.
  10. If you or a system administrator has used the COMMAND directory statement to specify commands that will be automatically issued when a virtual machine is logged on, be aware that you may receive additional responses as a result of those commands whenever you log on. See the COMMAND directory statement in z/VM: CP Planning and Administration for more information.
  11. When an ESM such as RACF is installed, it may have other authorization criteria defined that completely replace those provided by the LOGONBY directory statement. Refer to the documentation provided with your ESM for more information.
  12. Users defined with the LBYONLY operand in the password field of their USER or IDENTITY statement in the system directory may be restricted from performing functions that require password validation. If an ESM is not installed, a LOGON of a user defined with the LBYONLY operand can be done only by an authorized user using the BY option of the LOGON command. A user defined with the LBYONLY operand is not allowed to log on to any user ID using the LOGON command with the BY option. If an ESM is installed, refer to the documentation provided with your ESM for more information.

    Refer to the USER Directory Statement or IDENTITY Directory Statement in z/VM: CP Planning and Administration for more details on the LBYONLY operand.

  13. If your installation is using the password suppression facility for the LOGON command (controlled by the PASSWORDS_ON_CMDs operand of the FEATURES system configuration statement or by the SET PASSWORD command), you cannot specify your password on the command line. You must wait for the ENTER PASSWORD prompt before you type in the password. The password is automatically masked, thus improving system security. If your installation is not using the password suppression facility for the LOGON command, you can specify your password on the command line, or you can wait for the ENTER PASSWORD prompt before you type in the password.
  14. If the password suppression facility is not active for the LOGON command, allowing passwords to be specified on the command, user logon passwords defined in the system directory cannot be identical to any of the LOGON command options.
  15. User IDs that are defined with the NOPASS operand are able to logon without password authorization, unless an ESM is installed. When an ESM is installed, password authorization may be required despite the NOPASS operand. Refer to the documentation provided with your ESM for more information.
  16. Passwords are restricted to a maximum of 8 characters in length unless an ESM is used. In that case, the ESM may permit passwords up to 200 characters in length. The RACF Security Server for z/VM supports passwords up to 100 characters in length. Refer to the documentation provided with your ESM to determine the maximum.
  17. You must surround the password with single quotation marks or omit it entirely when it begins with a single quotation mark, begins or ends with a blank, or is entered on the command line and contains one or more blanks. You must use double quotation marks that are part of the password when the password is quoted. See Examples.
  18. Long passwords and password phrases can contain any character between X'00' and X'FF'. This range includes all upper and lower case characters, blanks, and special characters. Using characters less than X'40' is not recommended. Even though CP supports all characters, your ESM may restrict the use of some characters.
  19. The disconnect performed when the HERE option is specified may take significant time to complete because of the attempt made to process the disconnect even in the case of a hung terminal.
  20. The NORUN option is intended when RUN is set ON for users who wish to reconnect and get into CP READ. However, the option is always accepted with no effect in cases other than when RUN is set ON. The option is particularly helpful for users who need to enter CP commands and who are in full-screen mode with no break-key and with RUN set ON. These users can power-off their terminals to be disconnected and then reconnect using LOGON with NORUN.
  21. When a z/VM system is running in a Single System Image (SSI) configuration, and an External Security Manager (ESM) has enabled checking of Mandatory Access Controls (MAC), the SECLABEL operand is not allowed for virtual machines defined by an IDENTITY statement in the z/VM User Directory.
  22. An ESA (or XA) virtual machine will be put into either full ESA/390 mode or ESA/390 compatibility mode, depending on the level of ESA/390 capability available in the machine where the virtual machine is logged on or in the virtual machine's relocation domain. ESA/390 compatibility mode allows a subset of ESA/390 functionality sufficient for CMS and GCS, but lacks advanced functions like dynamic address translation (DAT). For details on ESA/390 compatibility mode, see z/Architecture Principles of Operation.

Responses

Response 1:

  • 3270 Display Version: 
    ENTER PASSWORD (It will not appear when typed):
    This version of the password prompt is used for 3270 family displays. It indicates that your user ID has been accepted. Enter your password.
  • Line-Mode ASCII Version: 
    ENTER PASSWORD:
    This version of the password prompt is used for line-mode ASCII terminals. It also indicates that your user ID has been accepted. Enter your password.
Response 2: 
z/VM Version v Release r.m, Service Level yynn (64-bit),
built on IBM Virtualization Technology
v
is the software version level.
r.m
is the release and modification level.
yynn
is the service level which identifies the most recent RSU service tape that has been applied, where yy is the last two digits of the year and nn is the sequential number of the RSU tape for that year.
Response 3: 
LOGMSG - hh:mm:ss zone day-of-week mm/dd/yy
indicates the time and date at which the system log message was recently revised and is displayed only when there are log messages to be displayed. All lines of the log message for which the first character is an asterisk are displayed. If you wish to see all of the system log messages, enter the QUERY LOGMSG command.
hh:mm:ss
is the time when the log message was last updated.
zone
is the time zone.
day-of-week
is the day when the log message was last updated.
mm/dd/yy
is the month/day/year when the log message was last updated.

Response 4:

FILES: nnnn  RDR, nnnn  PRT, nnnn  PUN
         NO         NO         NO
where nnnn is the number of spool files of each type.

Response 5:

One of the following appears, indicating the time, day of the week, and date at which the logon or reconnect is complete. 
LOGON AT hh:mm:ss zone weekday mm/dd/yy
RECONNECTED AT hh:mm:ss zone weekday mm/dd/yy

For the value of the variable fields, see Response 2.

Response 6:

One of the following is the response to the primary system operator. 
{type {rdev}} LOGON AS userid   USERS = nnnnn  [FROM ipadr]
{     {ldev}}
{luname     }
{SYSC       }
{type   {rdev}}  RECONNECT userid  USERS = nnnnn  [FROM ipadr]
{       {ldev}}
{luname       }
{SYSC         }
{type {rdev}} LOGON AS userid USERS = nnnnn BY byuserid  [FROM ipadr]
{     {ldev}}
{luname     }
{SYSC       }
{type {rdev}}  RECONNECT userid USERS = nnnnn BY byuserid
{     {ldev}}
{luname       }
{SYSC         }
type
is the display type.
rdev
ldev
is the real or logical device number of the user's display.
luname
identifies an SNA/CCS terminal controlled by a VTAM® service machine. It is the name from the VTAM definition of the terminal as an SNA logical unit.
SYSC
identifies the system console.
userid
identifies the user ID of the virtual machine that just completed logging on to the system.
USERS = nnnnn
is the number of users on the system.
FROM ipadr
is the IP address.

An IPv4 address is displayed in dotted-decimal format.

Example: 9.130.44.144

An IPv6 address is displayed in compressed format (:: designates multiple 16-bit groups of zeros).

Example: The following is an IPv6 address: 
F802:0000:0000:0000:0000:0000:0A00:0001
This address is displayed in compressed format as: 
F802::A00:1
BY byuserid
identifies the user ID that logged on the virtual machine. This information is only provided when the LOGON command is entered with the BY operand.

Response 7:

DISCONNECT AT hh:mm:ss zone weekday mm/dd/yy BY LOGON FROM {type{rdev}}
                                                           {    {ldev}}
                                                           {luname    }
                                                           {SYSC      }
is the response sent to the terminal from where your user ID is disconnected prior to processing a reconnect.
type
is the display type.
rdev
ldev
is the real or logical device number of the terminal from where the LOGON was entered with the HERE option.
luname
identifies an SNA/CCS terminal controlled by a VTAM service machine. It is the name from the VTAM definition of the terminal as an SNA logical unit.
SYSC
identifies the system console.

Response 8:

DISCONNECTED FROM {type  {rdev}}
                  {      {ldev}}
                  {luname      }
                  {SYSC        }
is the response you receive when your user ID is disconnected from another terminal prior to reconnecting.
type
is the display type.
rdev
ldev
is the real or logical device number of the terminal from where the user was disconnected.
luname
identifies an SNA/CCS terminal controlled by a VTAM service machine. It is the name from the VTAM definition of the terminal as an SNA logical unit.
SYSC
identifies the system console.

Response 9:

{type{rdev}} DISCONNECT userid USERS=nnnnn BY LOGON FROM {type{rdev}}
{    {ldev}}                                             {    {ldev}}
{luname    }                                             {luname    }
{SYSC      }                                             {SYSC      }
is the response sent to the primary system operator when a disconnect for your user ID is performed prior to a reconnect.
type
is the display type from where the user was disconnected.
rdev
ldev
is the real or logical device number of the terminal from where the user was disconnected.
luname
identifies an SNA/CCS terminal controlled by a VTAM service machine. It is the name from the VTAM definition of the terminal as an SNA logical unit.
userid
is the user ID of the virtual machine for which the disconnect and log on was requested.
USERS = nnnnn
is the number of users remaining on the system after the disconnect is performed
FROM type
is the display type from where the LOGON command was issued.
rdev
ldev
is the real or logical device number of the terminal from where the LOGON command was entered.
luname
identifies an SNA/CCS terminal controlled by a VTAM service machine. It is the name from the VTAM definition of the terminal as an SNA logical unit.
SYSC
identifies the system console.

Examples

Example 1:

If you enter LOGON with a password that contains one or more blanks, you must surround it in single quotation marks to preserve any mixed-case characters and imbedded blanks. 
logon alan 'now is the time for all good men' noipl

Example 2:

When you attempt to enter a password containing one or more single quotation marks, they must be entered as 2 single quotation marks. 
logon mike 'That''s Great!'

Messages

  • HCP003E Invalid option - option
  • HCP007E Invalid userid - userid
  • HCP013E Conflicting option - option
  • HCP020E Userid missing or invalid
  • HCP024E Cylinders or blocks missing or invalid
  • HCP025E Storage missing or invalid
  • HCP026E Operand missing or invalid
  • HCP040E Device {rdev|vdev|ldev} does not exist
  • HCP042E User userid spoolid nnnn does not exist
  • HCP045E userid not logged on
  • HCP046E type rdev offline
  • HCP050E LOGON unsuccessful--incorrect userid and/or password
  • HCP052E Error in CP directory
  • HCP054E Already logged on {GRAF rdev|GRAF ldev|luname|DISC|SYSTEM sysname|SYSC}
  • HCP054E LOGON not permitted because the SSI cluster is not in STABLE mode.
  • HCP054E LOGON not permitted because the system has not completed initialization.
  • HCP067E Command format not valid
  • HCP067E Command format not valid. SECLABEL operand is not allowed for this user.
  • HCP090I Device vdev not defined; {rdev|volid} not available
  • HCP091E DASD vdev not defined; temp space not available
  • HCP093E Storage size requested reqsize exceeds maximum allowed on this processor maxsize. Size set to maximum allowed.
  • HCP094E Storage exceeds allowed maximum of maximum {M|K}
  • HCP095I Device vdev is not defined because the maximum number of devices is already defined.
  • HCP101E DASD vdev forced R/O; R/O by {nnnn users|userid|userid at sysname|userid ADJUNCT|userid ADJUNCT at sysname}[; stable by {nnnn users|userid|userid at sysname|userid ADJUNCT|userid ADJUNCT at sysname}]
  • HCP102E DASD vdev forced R/O; R/W by {nnnnn users|userid|userid at sysname|userid ADJUNCT|userid ADJUNCT at sysname}[; stable by {userid|userid at sysname|userid ADJUNCT|userid ADJUNCT at sysname}]
  • HCP103E DASD vdev forced R/O; R/W by {nnnnn users|userid|userid at sysname|userid ADJUNCT|userid ADJUNCT at sysname}, R/O by {nnnnn users|userid|userid at sysname|userid ADJUNCT|userid ADJUNCT at sysname}[; stable by {userid|userid at sysname|userid ADJUNCT|userid ADJUNCT at sysname}]
  • HCP104E userid vdev not linked; R/O by {nnnnn users|userid|userid at sysname|userid ADJUNCT|userid ADJUNCT at sysname }[; stable by {nnnn users|userid|userid at sysname|userid ADJUNCT|userid ADJUNCT at sysname}|exclusive by {userid|userid at sysname|userid ADJUNCT|userid ADJUNCT at sysname}]
  • HCP105E userid vdev not linked; R/W by {nnnnn users|userid|userid at sysname|userid ADJUNCT|userid ADJUNCT at sysname}[; stable by {userid|userid at sysname|userid ADJUNCT|userid ADJUNCT at sysname}|exclusive by {userid|userid at sysname|userid ADJUNCT|userid ADJUNCT at sysname}]
  • HCP106E userid vdev not linked; R/W by {nnnnn users|userid|userid at sysname|userid ADJUNCT|userid ADJUNCT at sysname}, R/O by {nnnnn users|userid|userid at sysname|userid ADJUNCT|userid ADJUNCT at sysname } [; stable by {userid|userid at sysname|userid ADJUNCT|userid ADJUNCT at sysname}]
  • HCP107E userid vdev not linked; not in CP directory
  • HCP108E userid vdev not linked; volid volid not mounted
  • HCP109E userid vdev not linked; {Excessive link indirections|invalid link device}
  • HCP110E userid vdev not linked; type vdev already defined
  • HCP117E Userid userid not linked; volid volid conflict
  • HCP174E Paging I/O error; IPL failed
  • HCP196I Secondary user not in CP directory
  • HCP205I The virtual=real area is not available because it was not generated.
  • HCP264I One or more options are ignored during reconnect processing – option(s)
  • HCP266E An account number was not supplied or is invalid.
  • HCP288E LOGON from the initial screen was unsuccessful
  • HCP298E userid vdev not linked; request denied
  • HCP361E LOGOFF/FORCE pending for user userid
  • HCP365I Requested language langid is unavailable. Language langid set. RC=rc
  • HCP413E Command processing cannot complete due to a spool paging error.
  • HCP475I Fatal I/O error trying to read directory from volid { for user userid}
  • HCP799E IPL failed due to insufficient or faulty storage
  • HCP844E The device is not defined due to an invalid control unit type.
  • HCP849E A userid must be specified with the spoolid
  • HCP1015E Insufficient storage is available to satisfy your request.
  • HCP1128E FCP vdev not attached; USERACCESSID not supported on this device.
  • HCP1150E DASD {rdev|vdev} is not a valid base exposure.
  • HCP1151E userid vdev has not been linked because it is not within CP volume cylinder extents.
  • HCP1152E userid vdev has not been linked because it would overlap system {spool|paging|temporary disk} space
  • HCP1401I Expanded storage is not supported.
  • HCP1454E CPU nn does not exist.
  • HCP1501E An accounting error was encountered.
  • HCP1502E The directory entry for this userid is in use.
  • HCP1505I The device being used for LOGON conflicts with the console definition in the directory.
  • HCP1510I Device vdev not defined; device vdev already defined
  • HCP1512E The System/370 machine mode was requested, but CP does not support System/370 mode virtual machines; the machine mode will be set to XA instead.
  • HCP1512E The z/Architecture-only machine mode was requested, but is not supported in this relocation domain. The machine mode will be set to ESA instead.
  • HCP1513E Log on already in progress on {GRAF rdev|GRAF ldev|luname|SYSC}
  • HCP1558E Command processing cannot complete.
  • HCP1615E IPL LOADDEV|DUMPDEV failed because not all necessary parameters have been set.
  • HCP1700I One or more virtual CPUs are not defined due to an error in the CP directory.
  • HCP1830I Virtual architecture has been adjusted to permit AP Dedicated Crypto facilities not allowed in the assigned or default relocation domain.
  • HCP2094I Requested ABSOLUTE I/O priority range falls outside range currently allowed by CP and has been changed to fit within CP's range.
  • HCP2550I The console has been defined as a 3215 because a console mode of 3270 is not supported by the VTAM Service Machine controlling the real terminal.
  • HCP2551E The console has been defined as a 3215 because the real device is not a 3270 display.
  • HCP2553E TERMINAL BRKKEY name is not allowed during this session; it has been changed to PA1.
  • HCP2554E TERMINAL BREAKIN GUESTCTL is not allowed during this session; it has been changed to IMMED.
  • HCP2808E User ID is a CF Service Machine and may not be started by the LOGON command.
  • HCP2880E userid vaddr is not linked, CSE LINK I/O error, code cc.
  • HCP3224I NICDEF network configuration is ignored due to the current setting of VMLAN DNA.
  • HCP6050E Your userid is not authorized to logon userid userid.
  • HCP6053E You cannot issue the {LOGON|AUTOLOG|XAUTOLOG} command because the maximum number of users allowed is already logged on.
  • HCP6059I One or more devices were not defined because an error occurred while reading the CP directory.
  • HCP6525E External Security Manager is unavailable.
  • HCP6704E Missing token at end of line