Using CICS sockets interface for Mainframe Connect Client Option for CICS requires:
Installing IBM RDO definitions for the required new programs and transactions.
Concatenating the new sockets load library.
Enabling CICS sockets interface by using the EZAO command or automatically.
To install and configure the Client Option of
CICS sockets interface
Add the IBM CICS sockets RDO entries to your CICS region. You can find input for DFHCSDUP in tcphlq.SEZAINST(EZACICCT). Note that tcphlq refers to the high level qualifier of your system’s IBM TCP/IP configuration.
Define the EZACONFG dataset to contain the configuration data for CICS sockets and load the system configuration parameters. You can find IBM-supplied JCL for this in tcphlq.SEZAINST(EZACICFG).
Add tcphlq.SEZATCP into the DFHRPL concatenation for the CICS region.
Concatenate the hlq.OSC.CICS.LOADSOK sockets load library before all Sybase libraries in the CICS DFHRPL concatenation.
You can find the JCL used to assemble and link the SYBTPSEC configuration module in ESD2.OSC126.CICS.JCL(I5TPSEC). The macro fields, their defaults, and their meanings are listed in the following table.
SECURITY |
Security verification: Y (default) – The user ID and password are verified when a language request or RPC is started. For gatewayless connections, the connection occurs, but a security error can occur when processing the first request. Invalid user IDs are immediately rejected. H – The user ID and password are verified immediately when a gatewayless connection is established.
U – No password verification is performed. CICS assumes that the incoming user ID is correct and has the authority to run.
T – Use CICS Terminal Security.
N – No user ID and password verification occurs. |
GWTRAN |
The handler transaction called for gateway connections. The default is SYGH. |
GWLTRAN |
The handler called for gatewayless transactions. The default is SYSH. WARNING! This is a different transaction ID from the handler used by the traditional gatewayless listener. Do not set this to SYCH. |
TERMON |
The sign on transaction used for terminal security. The default is SYSO. WARNING! This is a different transaction ID from the sign on transaction used by the traditional listener. Do not set this to SYSG. |
TERMOFF |
The sign off transaction used for terminal security. The default is SYSF. |
PING |
The transaction used for SYBPING. The default is SYPG. |
PWTRAN |
The transaction ID used by the SYBPEM (password change) RPC. The default is SYPM. |
If you require different listeners to have different parameters, you must assemble and link the SYBTPSEC macro under different configuration module names. When configuring a listener, you set the value of the SECEXIT parameter to a specific configuration module name. You also must add an RDO program definition (by copying that of SYBTPSEC) for each new name used.
The following commands control the CICS sockets interface:
EZAC for configuration
EZAO for control
Use EZAC to configure listeners. Each listener is identified by its transaction ID. The following example shows the output of the EZAC,DISplay,LISTENER command:
APPLID ===> CICSDEV1 APPLID of CICS System TRANID ===> SY01 Transaction Name of Listener PORT ===> 03044 Port Number of Listener AF ===> INET Listener Address Family IMMEDIATE ===> NO Immediate Startup Yes|No BACKLOG ===> 020 Backlog Value for Listener NUMSOCK ===> 100 Number of Sockets in Listener ACCTIME ===> 060 Timeout Value for ACCEPT GIVTIME ===> 000 Timeout Value for GIVESOCKET REATIME ===> 000 Timeout Value for READ MINMSGL ===> 004 Minimum Message Length TRANTRN ===> YES Translate TRNID Yes|No TRANUSR ===> YES Translate User Data Yes|No SECEXIT ===> SYBTPSCY Name of Security Exit GETTID ===> NO Get AT-TLS ID (YES|NO) USERID ===> DFHCICS Listener User ID WLM group 1 ===> Workload Manager Group Name 1 WLM group 2 ===> Workload Manager Group Name 2 WLM group 3 ===> Workload Manager Group Name 3
Use the EZAO command to start or stop the entire sockets interface for the region, or to start and stop individual listeners.
If you want the CICS socket interface to start automatically when CICS is initialized, you must add the program EZACIC20 to the second stage of the startup PLT and the first stage of the shutdown PLT. Any sockets defined with IMMEDIATE=YES are automatically started.
The CICS sockets interface creates the required work areas for each listener only at startup. If a listener is created while the interface is running, the interface must be stopped and restarted using EZAO STOP CICS and EZAO START CICS. If not, the Sybase listener ends abnormally with code SB01, indicating that the required work area does not exist. Changes to existing listeners (such as port numbers, backlog, and so on) require only stopping and starting that listener using EZAO STOP LIST(SYxx) and EZAO START LIST(SYxx).You can find detailed information about the EZAC and EZAO commands in z/OS Communications Server: IP CICS Sockets Guide.
There is no difference between SEC=Y and SEC=H when running
transactions from a gateway. When running gatewayless, SEC=Y emulates
a gateway transaction by not returning any security errors until
the client executes a language request or RPC. The setting SEC=H returns
all user ID and password errors at connect time and drops the connection,
as do ASE servers. There are rare instances where the interaction
of RACF and CICS prevents a user ID or password error from being
returned to a gatewayless client when SEC=Y is
used. When this occurs, the gatewayless handler transaction SYSH ends
abnormally without closing the socket. Therefore, Sybase suggests
that you use SEC=H setting.