z/OS JES2 Initialization and Tuning Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Specifying multiple passwords for NJE connections

z/OS JES2 Initialization and Tuning Guide
SA32-0991-00

JES2 allows a node to specify different passwords for each adjacent node. Also, an installation can specify a value for the password it receives from an adjacent node to verify the identity of the node signing on.

To implement these security functions, use the subparameters for the PASSWORD parameter on the NODE(nnnn) initialization statement for each directly connected node. Figure 1 shows a JES2 node sending different passwords to different directly-connected nodes. The figure also shows the PASSWORD subparameters that specify the passwords the nodes send and the passwords the nodes expect to receive to establish the connection.

Figure 1. JES2 NJE Signon Password Verification
┌──────┐             ┌──────┐             ┌──────┐
│      │←── I   ←────│      │←── I   ←────│      │
│      │  "WILMA"    │      │  "BARNEY"   │      │
│NODE1 │             │NODE2 │             │NODE3 │
│      │─── J   ────→│      │──→ J    ───→│      │
│      │  "FRED"     │      │  "BETTY"    │      │
└──────┘             └──────┘             └──────┘

N(1) PASSWORD=       N(1) PASSWORD=        N(1) PASSWORD=
                          (SEND=WILMA,
                           VERIFY=FRED)
N(2) PASSWORD=       N(2) PASSWORD=        N(2) PASSWORD=
     (SEND=FRED,                                (SEND=BARNEY,
      VERIFY=WILMA)                              VERIFY=BETTY)
N(3) PASSWORD=       N(3) PASSWORD=        N(3) PASSWORD=
                          (SEND=BETTY,
                           VERIFY=BARNEY)

Using multiple passwords, of course, affords your system greater security; however, you are not required to do so and can set up any or all nodes as shown in Figure 2 . That is, notice that NODE3 is not using the 2-password feature with NODE2. The same password, "WILMA" is used to communicate with both NODE1 and NODE3. The trade-off is a more simplistic security configuration, but this allows all adjacent nodes to know and potentially misuse the single password.

Figure 2. NJE Signon Password Verification for Mixed Levels of JES2
┌──────┐             ┌──────┐             ┌──────┐
│      │←── I   ←────│      │←───I   ←─── │      │
│      │  "WILMA"    │      │  "BARNEY"   │      │
│NODE1 │             │NODE2 │             │NODE3 │
│(410) │──→ J   ────→│(313) │──→ J   ────→│(410) │
│      │  "FRED"     │      │  "WILMA"    │      │
└──────┘             └──────┘             └──────┘

N(1) PASSWORD=       N(1) PASSWORD=FRED    N(1) PASSWORD=

N(2) PASSWORD=       N(2) PASSWORD=WILMA   N(2) PASSWORD=WILMA
     (SEND=FRED,
      VERIFY=WILMA)
N(3) PASSWORD=       N(3) PASSWORD=BARNEY  N(3) PASSWORD=BARNEY
Parent topic: Naming the nodes in a network

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014