Security quick-start

Here are brief, step-by-step instructions for setting up security for TRS. This section assumes that mainframe security is already configured to match the values you will specify as you go through these steps. See the complete description of each procedure that follows in this chapter for details.

1. Set the TRS Security configuration property to yes.

2. Start TRS.

3. Assign a password to the “sa” account. (See “Changing user passwords and logins”.)

   exec sgw_chpwd sa, password
   

   Remember this password. If you forget passwords for all TRS logins with administration privileges, you will have to reconfigure all of TRS security.

4. (LU 6.2 only) Use the following sgw_addcon procedure to define the connections your TRS uses. Specify LUs that use a mode entry that supports conversation level security. Talk to your VTAM system programmer and verify the PSERVIC property has a value of “x'12'” or “x'10'” in the tenth byte.

   exec sgw_addcon con_name, region, mode,  "max_sessions" 
   

   See “Adding a connection configuration”.

5. (LU 6.2 only) Use the following sgw_addcongrp procedure to add a connection group.

   exec sgw_addcongrp group_name 
   

   See “Adding a connection group”.

6. For LU 6.2 or TCP/IP do the following:

   • (LU 6.2 only) Use the sgw_addcontogrp procedure to add connections to the connection group.

     exec sgw_addcontogrp group_name, con_name 
     

     See “Adding connections to a connection group”.

   • (TCP/IP only) Use the sgw_addregion procedure to specify the regions.

     exec sgw_addregion region, hostname, "port_number" 
     

     See “Defining regions to TRS”.

7. Use the sgw_addrpc procedure to add RPCs. Use one of the following security parameters to specify the login information to send to the mainframe for each RPC:

   exec sgw_addrpc rpc_name, tran_id, region, security 
   

   In the sgw_addrpc procedure, the security parameter can have any of the following values to specify the information to send:

   • none – do not send login information to the mainframe.

   • userid – send only the user ID to the mainframe.

   • both – send both the user ID and the password to the mainframe. (Use values that your mainframe security recognizes.)

   See “Adding an RPC”.

8. Use the sgw_addtrngrp procedure to add a transaction group:

   exec sgw_addtrngrp tran_group, GROUP_LOGIN,  GROUP_PWD, langrpc, langpwdlevel 
   

   See “Adding a transaction group”.

   Be sure that the values of GROUP_LOGIN and GROUP_PWD are in uppercase.

9. Use the sgw_addrpctogrp procedure to add RPCs to the transaction group. For each RPC you add to the group, specify the source of the mainframe login using one of the following rpcpwdlevel parameters:

   • none – do not send login information to the mainframe.

   • user – send the host login and password specified in the sgw_addlog procedure (see the next step) to the mainframe.

   • group – send the login and password specified in the sgw_addtrngrp procedure (see “Adding a transaction group”) to the mainframe.

   exec sgw_addrpctogrp tran_group, rpc_name,  rpcpwdlevel 
   

   See “Adding RPCs to a transaction group”.

10. Use the sgw_addlog procedure to add a login. Specifying the transaction group and connection group that you added in the previous steps.

    exec sgw_addlog login, pwd, HOST_LOGIN, HOST_PWD, tran_group, con_group, gwctrl 
    

    See “Adding a login”.

    Be sure the values of HOST_LOGIN and HOST_PWD are in uppercase. For LU 6.2, use the con_group parameter. For TCP/IP, include a comma as a placeholder.

Copyright © 2005. Sybase Inc. All rights reserved.

View this book as PDF