Here are brief, step-by-step instructions for setting up security for TRS. This section assumes that mainframe security is already configured to match the values you will specify as you go through these steps. For details, see the complete description of each procedure that follows in this chapter.
Set the TRS Security configuration property to yes
Start TRS.
Assign a password to the “sa” account. (See “Changing user passwords and logins”.)
exec sgw_chpwd sa, password
Remember this password. If you forget passwords for all TRS logins with administration privileges, you will have to reconfigure all of TRS security.
(LU 6.2 only) Use sgw_addcon to define the connections your TRS uses. Specify LUs that use a mode entry that supports conversation level security. Talk to your VTAM system programmer and verify that the PSERVIC property has a value of “x'12'” or “x'10'” in the tenth byte.
exec sgw_addcon con_name, region, mode, "max_sessions"
(LU 6.2 only) Use sgw_addcongrp to add a connection group:
exec sgw_addcongrp group_name
For LU 6.2 or TCP/IP:
(LU 6.2 only) Use sgw_addcontogrp to add connections to the connection group:
exec sgw_addcontogrp group_name, con_name
(TCP/IP only) Use sgw_addregion to specify the regions:
exec sgw_addregion region, hostname, "port_number"
Use sgw_addrpc to add RPCs:
exec sgw_addrpc rpc_name, tran_id, region, security
In the sgw_addrpc procedure, use one of these security parameters to specify the login information to send to the mainframe for each RPC:
none – do not send login information to the mainframe.
userid – send only the user ID to the mainframe.
both – send both the user ID and the password to the mainframe. (Use values that your mainframe security recognizes.)
See “Adding an RPC”.
Use the sgw_addtrngrp procedure to add a transaction group:
exec sgw_addtrngrp tran_group, GROUP_LOGIN, GROUP_PWD, langrpc, langpwdlevel
See “Adding a transaction group”.
The values of GROUP_LOGIN and GROUP_PWD must be uppercase.
Use sgw_addrpctogrp to add RPCs to the transaction group:
exec sgw_addrpctogrp tran_group, rpc_name, rpcpwdlevel
For each RPC you add to the group, specify the source of the mainframe login using one of these rpcpwdlevel parameters:
none – do not send login information to the mainframe.
user – send the host login and password specified in the sgw_addlog procedure (see the next step) to the mainframe.
group – send the login and password specified in the sgw_addtrngrp procedure (see “Adding a transaction group”) to the mainframe.
Use sgw_addlog to add a login. Specifying the transaction group and connection group that you added in the previous steps:
exec sgw_addlog login, pwd, HOST_LOGIN, HOST_PWD, tran_group, con_group, gwctrl
See “Adding a login”.
Be sure the values of HOST_LOGIN and HOST_PWD are in uppercase. For LU 6.2, use the con_group parameter. For TCP/IP, include a comma as a placeholder.