Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Specifying the Level of Conversation Security for VTAM z/OS MVS Planning: APPC/MVS Management SA23-1388-00 |
|
As described in Planning Sessions, conversation
security is a factor in planning LUs and defining them to VTAM®. On the VTAM APPL statement that defines an LU to VTAM, you must specify the greatest
level of security to be allowed on inbound conversation requests for
TPs at the LU. You do this by specifying one of the following values
on the APPL statement's SECACPT keyword:
The value you specify in the SECACPT keyword must be appropriate
for the TPs that are to use the LU. SECACPT must allow the type of
security information that the TPs expect to receive. For example,
the following SECACPT value would be appropriate for LU02 and TPB
as shown in Figure 1:
The above statement tells VTAM to accept conversation requests for LU02 that have security information (user ID and password) such as TPA specifies. Figure 1. Sending Security Information
through VTAM
Suppose the APPL definition for LU02 specified SECACPT=NONE instead of CONV, and TPA issues the same Allocate call, as shown in Figure 1. The security information for the outbound TP is greater than the SECACPT value of the partner LU. In such cases, the system downgrades or removes security information from the outbound Allocate request, so that the request matches the minimum security requirements for the partner LU. The results might not be what you expected for this conversation. The SECACPT value that you specify on the VTAM APPL statement provides the default level of acceptable conversation security. You can override that level using the RACF® APPCLU profiles, as described in Defining Conversation Security Levels that Sessions Allow. |
Copyright IBM Corporation 1990, 2014
|