EXPRESSLOGON statement

Use the EXPRESSLOGON parameter statement to allow a user at a workstation, with a TELNET client and an X.509 certificate, to log on to an SNA application without entering a user ID or password. Instead, the TN3270E Telnet server uses a dynamically generated PassTicket based on the user's client X.509 certificate to authenticate the user. If NOEXPRESSLOGON is specified, the EXPRESSLOGON function is not available to the client.

Telnet is initialized with the value NOEXPRESSLOGON.

The EXPRESSLOGON and NOEXPRESSLOGON statements can be coded in the TELNETGLOBALS, TELNETPARMS, or PARMSGROUP statement blocks. See Rules for Telnet parameter statements and security parameters for more information about the hierarchy of parameter values.

Requirements:
  • The client must support the new environment Telnet option as defined in RFC 1572.
  • When you are configuring the SECUREPORT value, you must specify CLIENTAUTH SAFCERT.
  • When you are configuring the TTLSPORT value, the AT-TLS policy must specify HandshakeRole ServerWithClientAuth, a certificate must be received from the client, and the certificate must have an associated user ID.

Guideline: The EXPRESSLOGON and EXPRESSLOGONMFA statements are mutually exclusive. If both are specified on the same TELNETGLOBALS, TELNETPARMS, or PARMSGROUP statement, the last one specified on that statement is accepted. This guideline also applies to NOEXPRESSLOGON and NOEXPRESSLOGONMFA.
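
The requirements and the guideline above can be checked mechanically before a profile is activated. The following Python audit is an added example, not IBM code: the function names, the finding codes, and the sample profile are constructed for illustration. It assumes each TELNETPARMS block is checked on its own, with no inheritance from TELNETGLOBALS or PARMSGROUP, and it does not model the NOEXPRESSLOGON variants.

```python
# Added example: simplified audit of TN3270E TELNETPARMS blocks for the EXPRESSLOGON rules.
# Assumptions: no TELNETGLOBALS/PARMSGROUP inheritance; NOEXPRESSLOGON variants not modelled.
SAMPLE = """\
TELNETPARMS
  SECUREPORT 992
  CLIENTAUTH SSLCERT      ; constructed sample: wrong CLIENTAUTH value
  EXPRESSLOGON
ENDTELNETPARMS
TELNETPARMS
  SECUREPORT 993
  CLIENTAUTH SAFCERT
  EXPRESSLOGONMFA
  EXPRESSLOGON            ; last one coded in the block is accepted
ENDTELNETPARMS
TELNETPARMS
  TTLSPORT 994
  EXPRESSLOGON
ENDTELNETPARMS
"""

def check_block(start, tokens):
    """Apply the page's rules to one block; returns (line, code, message) tuples."""
    out = []
    coded = [t for t in tokens if t in ("EXPRESSLOGON", "EXPRESSLOGONMFA")]
    if len(set(coded)) == 2:
        out.append((start, "EXCLUSIVE", f"both coded; {coded[-1]} is accepted"))
    if not coded or coded[-1] != "EXPRESSLOGON":
        return out
    if "SECUREPORT" in tokens:
        pairs = dict(zip(tokens, tokens[1:]))   # keyword -> token that follows it
        value = pairs.get("CLIENTAUTH", "not coded")
        if value != "SAFCERT":
            out.append((start, "CLIENTAUTH", f"needs CLIENTAUTH SAFCERT, found {value}"))
    if "TTLSPORT" in tokens:   # the AT-TLS policy lives outside the profile
        out.append((start, "ATTLS", "confirm AT-TLS HandshakeRole ServerWithClientAuth"))
    return out

def audit_profile(text):
    """Collect findings for every TELNETPARMS ... ENDTELNETPARMS block in text."""
    findings, block = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        words = raw.split(";", 1)[0].upper().split()   # ';' starts a comment
        head = words[0] if words else ""
        if head == "TELNETPARMS":
            block = (n, [])
        elif head == "ENDTELNETPARMS" and block:
            findings += check_block(*block)
            block = None
        elif block:
            block[1].extend(words)
    return findings
```

Calling audit_profile(SAMPLE) reports the first block for its CLIENTAUTH value, the second for coding both statements, and the third as a reminder to verify the AT-TLS policy, which cannot be read from the Telnet profile.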

Syntax

NOEXPRESSLOGON | EXPRESSLOGON

Parameters

This statement has no parameters.