It can sometimes be necessary for the local CICS® region to send a password and user ID to a remote system.
This can occur if the CICS region is acting as a client
gateway to a CICS for MVS/ESA host, and you want to control all security with RACF® on
the host. It can also be needed when you need to implement user security,
but your SNA product does not support sending already_verified user
IDs.
To configure CICS to send passwords:
- Create a DFHCCINX user exit that will cause CICS to
save passwords received from clients.
- Configure the CD entry for the connection to the remote system
to enable the local region to send the password.
Note: - Whenever CICS saves the password in storage, it encrypts
the password. However, if SNA is used to flow passwords, they are
sent over the SNA network in plain text as required by the SNA architecture.
- Only the CICS Transaction Gateway software can be used when the user ID and password are to flow to
another system.
The DFHCCINX parameters that determine whether
to save the password are:
- CICS_CCINX_PSWD_CHECK_AND_DROP (the default)
- CICS_CCINX_PSWD_CHECK_AND_KEEP
- CICS_CCINX_PSWD_IGNORE_AND_DROP
- CICS_CCINX_PSWD_IGNORE_AND_KEEP
If you want to use any of these settings, you must also
set RemoteSysSecurity to CICS_CCINX_SECURITYTYPE_VERIFY.
The CD parameters that determine whether to send the password
to the remote systems are:
OutboundUserIds=sent_only_with_pswd
OutboundUserIds=sent_maybe_with_pswd
For more
information, seeWriting your own version of DFHCCINX. The
following tasks describe some scenarios.