MODIFY ENCR command


>>-MODIFY-- --procname--,--ENCR--=--+-COND-+-------------------->
                                    +-OPT--+   
                                    '-REQD-'   

>--,--ID--=--lu_name-------------------------------------------><

Abbreviations

Operand	Abbreviation
MODIFY	F

Purpose

With the MODIFY ENCR (encryption) command, you can change the cryptography specifications for logical units. Logical units (application programs, independent LUs, and device type logical units) can be defined as having one of several cryptography specifications. These specifications define the cryptographic capabilities or user session requirements involving the logical units and are described in the z/OS Communications Server: SNA Network Implementation Guide.

Note: The only way to modify ENCRTYPE is to use the MODIFY SECURITY command.

Operands

procname

The procedure name for the command. If procname in the START command was specified as startname.ident, where startname is the VTAM® start procedure and ident is the optional identifier, either startname.ident or ident can be specified for procname.

If procname in the START command was startname, startname must be specified for procname.

ENCR

Specifies the new cryptography specifications of the logical unit. The level of the cryptography specification can be only raised. Any attempt to lower the level is rejected. The new level is effective for all future sessions involving the logical unit; existing active or pending sessions are not affected.

ENCR=OPT: Raises the level of the logical unit's cryptography specification from no cryptography to optional (capable of cryptography).
ENCR=COND: Raises the level of the logical unit's cryptography specification from no cryptography or optional to required (that is, all user sessions must be encrypted) if both sides support encryption. If the session partner does not support encryption, the session does not fail; instead, a session is established with no encryption of data.
ENCR=REQD: Raises the level of the logical unit's cryptography specification from no cryptography or optional (or selective or conditional for application programs) to required (that is, all user sessions must be encrypted).

ID=lu_name

Specifies the name of the logical unit whose cryptography specification is to be changed. The logical unit can be either an application program, a device-type logical unit, or an independent LU.

Tip: If you are specifying a model resource (APPL or CDRSC), you can use wildcard characters in the name you specify. The use of wildcard characters on the ID operand does not depend on the value of the DSPLYWLD start option. For model resources, any current clone resources are unaffected by this command, but future clone resources and their sessions will be affected.

The name can be a network-qualified name. It cannot be a USERVAR or LUALIAS name. If the name specified on the ID operand is network-qualified, this name is considered to be the real name of the resource. The name can be an ACB name or an alias name, so long as it is not network-qualified.

The following example of an APPL major node definition shows how application names can be network qualified:

x      APPL ACBNAME=y,...

In this example, x (the application name) can always be network-qualified. The value y (the ACB name) can be network-qualified only if y is the same as x.

Note: If ID specifies the name of an LU 6.2 application program, you should use the MODIFY ENCR command only when no sessions exist for logon modes other than SNASVCMG. If sessions are active on logon modes other than SNASVCMG, and you use the MODIFY ENCR command to change the encryption level, any attempt to establish a new session with these logon modes is rejected until all existing sessions on that mode that use the previous encryption level have ended.