Change DDM TCP/IP Attributes (CHGDDMTCPA)
| Where allowed to run: All environments (*ALL) Threadsafe: No |
Parameters Examples Error messages |
The Change DDM TCP/IP Attributes (CHGDDMTCPA) command provides an interface to configure parameters for the use of DDM or DRDA over TCP/IP.
Restrictions:
- *SECADM, *ALLOBJ, and *IOSYSCFG special authorities are needed to use this command.
| Top |
Parameters
| Keyword | Description | Choices | Notes |
|---|---|---|---|
| AUTOSTART | Autostart server | *SAME, *NO, *YES | Optional, Positional 1 |
| PWDRQD | Lowest authentication method | *SAME, *USRID, *VLDONLY, *USRIDPWD, *USRENCPWD, *ENCUSRPWD, *KERBEROS, *NO, *YES, *ENCRYPTED | Optional |
| ENCALG | Lowest encryption algorithm | *SAME, *DES, *AES | Optional |
| Top |
Autostart server (AUTOSTART)
Specifies whether to automatically start the DDM server when TCP/IP is started by the Start TCP/IP (STRTCP) command. The parameter takes effect the next time the STRTCP command is run. It also causes the DDM server to start when selected TCP/IP servers are started with the Start TCP/IP Server (STRTCPSVR) command and SERVER(*AUTOSTART) is specified.
- *SAME
- The value does not change.
- *YES
- Start the DDM TCP/IP server.
- *NO
- Do not start the DDM TCP/IP server when starting TCP/IP, or when running the STRTCPSVR SERVER(*AUTOSTART) command.
| Top |
Lowest authentication method (PWDRQD)
Specifies the lowest level of password security required when a client system connects to this system as a server. This parameter takes effect on the next DRDA or DDM connect request over TCP/IP.
- *SAME
- The value does not change.
- *USRID
- Do not require a password on a DDM connection request. If a password is sent, it is ignored. See also *VLDONLY description.
- *VLDONLY
- Do not require a password on a DDM connection request. If a password is sent, howevers, it must be valid for the associated userid.
- *USRIDPWD
- Refuse the connection if a DDM connection request does not contain a password associated with the userid.
- *USRENCPWD
- Require the sending of an encrypted password along with the userid by a remote client system attempting to connect.
- *ENCUSRPWD
- Require the sending of an encrypted user ID and encrypted password by a remote client system attempting to connect.
- *KERBEROS
- Authentication occurs using Kerberos.
Note: The following values are only supported for compatibility with the releases earlier than Version 6 Release 1 Modification 0 of the operating system.
- *NO
- Do not require a password on a DDM connection request. If a password is sent, it is ignored. See also *VLDONLY description. It is now recommended to use value *USRID in place of value *NO.
- *YES
- Refuse the connection if a DDM connection request does not contain a password associated with the userid. It is now recommended to use value *USRIDPWD in place of value *YES.
- *ENCRYPTED
- Require the sending of an encrypted password along with the userid by a remote client system attempting to connect. It is now recommended to use value *USRENCPWD in place of value *ENCRYPTED.
| Top |
Lowest encryption algorithm (ENCALG)
Specifies the lowest strength encryption algorithm allowed on an incoming DRDA or DDM connect request over TCP/IP. This parameter takes effect on the next DRDA or DDM connect request over TCP/IP.
- *SAME
- The value does not change.
- *AES
- Advanced Encryption Standard (AES) encryption algorithm only will be allowed. If the client requests AES, the connection will negotiated to use AES. If the client requests DES, but also supports AES, the server will force re-negotiation with the client to AES. If the client does not support AES, the connection will be refused. If the user specifies *AES on this commmand, it is recommended that the user specify *AES on the ENCALG keyword on the ADDRDBDIRE (Add RDB Directory Entry) command or CHGRDBDIRE (Change DDM TCP/IP Attributes) command on the client side to avoid a re-negotiation flow that will occur when *DES is specified.
- *DES
- Data Encryption Standard (DES) encryption algorithm or higher strength encryption algorithm will be allowed. If the client requests DES, the connection will negotiate to use DES. If the client requests AES, the connection will negotiate to use AES.
From highest to lowest strength, the encryption algorithms are:
- *AES
- *DES
| Top |
Examples
Example 1: Displaying the Change DDM TCP/IP Attributes Display
CHGDDMTCPA
This command, when prompted, shows the current DDM TCP/IP attribute values.
Example 2: Starting the DDM TCP/IP Server Automatically
CHGDDMTCPA AUTOSTART(*YES)
This command indicates that the next time TCP/IP is started by the STRTCP command, the DDM server is to be started automatically.
Example 3: Allowing DDM TCP/IP Connection Requests to be Accepted if They Contain at Minimum a Userid with No Password.
CHGDDMTCPA PWDRQD(*USRID)
This command indicates that on the next DDM TCP/IP connection request, a password will not be required in order to initiate the connection.
| Top |
| Top |