Installing and configuring the CICS sockets interface  CICS sockets interface control

Appendix C: Setting Up the CICS Sockets Interface

Customizing the SYBTPSEC configuration module

You can find the JCL used to assemble and link the SYBTPSEC configuration module in OSC150.CICS.JCL(IxTPSEC).

This table lists the macro fields, their defaults, and their meanings:

SECURITY

Security verification:

Y – The user ID and password are verified when a language request or RPC is started. For gatewayless connections, the connection does occur, but a security error can occur when the first request is processed. Invalid user IDs are then rejected.

H (default) – The user ID and password are verified immediately when a gatewayless connection is established.

NoteThere is no difference between SEC=Y and SEC=H when you are running transactions from a gateway. When running gatewayless, SEC=Y emulates a gateway transaction by not returning any security errors until the client executes a language request or RPC. The setting SEC=H returns all user ID and password errors at connect time and drops the connection, as do ASE servers. However, there are rare instances in which the interaction of RACF and CICS prevents a user ID or password error from being returned to a gatewayless client when SEC=Y is used. When this occurs, the gatewayless handler transaction SYSH ends abnormally without closing the socket. Therefore, Sybase suggests that you use SEC=H setting.

U – No password verification is performed. CICS assumes that the incoming user ID is correct and has the authority to run.

NoteFor this setting, CICS versions prior to CICS/TS 3.1 cannot detect if a user ID is revoked.

T – Use CICS Terminal Security. This setting results in additional transaction processing that may reduce the listener efficiency.

N – No user ID and password verification occurs.

GWTRAN

The handler transaction called for gateway connections. Default is SYGH.

GWLTRAN

The handler called for gatewayless transactions. Default is SYSH.

TERMON

The sign-on transaction used for terminal security. Default is SYSO.

TERMOFF

The sign off transaction used for terminal security. Default is SYSF.

PING

The transaction used for SYBPING. Default is SYPG.

PWTRAN

The transaction ID used by the SYBPEM (password change) RPC. Default is SYPM.

If you require different listeners to have different parameters, you must assemble and link the SYBTPSEC macro under different configuration module names. When configuring a listener, you set the value of the SECEXIT parameter to a specific configuration module name. You also must add an RDO program definition (by copying that of SYBTPSEC) for each new name used.




Copyright © 2007. Sybase Inc. All rights reserved. CICS sockets interface control

View this document as PDF