When a remote system uses an SNA connection to communicate
with your CICS® system, it must first establish a session with
your system. That session is created by an exchange of flows called
a BIND. You can associate a password with the BIND. This process
is known as bind-time security, or LU-LU verification.
It enables each system to verify the identity of the other.
These passwords are not sent between the two systems. Each system demonstrates
its knowledge of the password by being able to correctly encrypt random
numbers that are supplied by the partner, using the password as a
key. The bind is successful only when both systems can establish that
they have the same password.
Figure 1 shows the SNA flows
that are exchanged to support bind-time security. If either system
discovers that the encrypted value received is not the value that
is expected, it flows an SNA UNBIND request to the remote system,
and a session is not established.
Figure 1. The bind password exchange
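
The exchange described above can be modelled as a mutual challenge-response. This is an added example, not code from CICS or from any SNA product: HMAC-SHA256 stands in for the encryption that the SNA product performs, and the `LU` class, the `bind` function, the message ordering, and the passwords are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

def prove(password: bytes, challenge: bytes) -> bytes:
    """Keyed transform of the partner's random number (HMAC-SHA256 stand-in)."""
    return hmac.new(password, challenge, hashlib.sha256).digest()

class LU:
    """Hypothetical model of one end of the session."""
    def __init__(self, name: str, bind_password: bytes):
        self.name, self._pw = name, bind_password
        self.sent = b""

    def challenge(self) -> bytes:
        self.sent = secrets.token_bytes(8)  # fresh random number for each bind
        return self.sent

    def respond(self, partner_challenge: bytes) -> bytes:
        return prove(self._pw, partner_challenge)

    def verify(self, partner_proof: bytes) -> bool:
        # Constant-time compare against the value this side expects.
        return hmac.compare_digest(partner_proof, prove(self._pw, self.sent))

def bind(primary: LU, secondary: LU):
    """Return (outcome, wire); wire holds every value that crossed the link."""
    wire = []
    c1 = primary.challenge()
    wire.append(c1)                     # primary -> secondary: random number
    p1, c2 = secondary.respond(c1), secondary.challenge()
    wire += [p1, c2]                    # secondary -> primary: proof + random number
    if not primary.verify(p1):
        return "UNBIND", wire           # primary rejects, no session
    p2 = primary.respond(c2)
    wire.append(p2)                     # primary -> secondary: proof
    if not secondary.verify(p2):
        return "UNBIND", wire           # secondary rejects, no session
    return "BOUND", wire

if __name__ == "__main__":
    pw = b"constructed-pw-1"            # constructed sample password
    print(bind(LU("CICSA", pw), LU("CICSB", pw))[0])
    print(bind(LU("CICSA", pw), LU("CICSB", b"constructed-pw-2"))[0])
```

The `wire` list makes it easy to confirm that only random numbers and their keyed transforms are exchanged, never the password itself.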
Bind passwords are set up in the SNA product that is
managing your SNA connectivity. Refer to your SNA product documentation
for a description of how to set the bind password for a connection.
Note:
- Bind-time security is optional in the SNA LU 6.2 architecture.
Because it is optional, the remote systems to which you are connecting
might not support BIND passwords.
- To maintain maximum confidence in the identity of each connected
system, it is recommended that different bind passwords be used between
each pair of systems that you are configuring. However, when the number
of systems grows, this might become unmanageable. Therefore, unique
bind passwords are not a requirement of the SNA LU 6.2 architecture
and so are not enforced.
It is important that you are familiar with the
descriptions of bind security that are given in the documentation
for the SNA product that you are using.