Setting CICS definitions for conversation-level security

This section covers the three parts of conversation-level security: LU 6.2 bind-time security, CICS link security, and user security.

LU 6.2 bind-time security

Bind-time security is controlled by the Bindsecurity parameter on the CICS RDO Connection Definition. If Bindsecurity is set to YES, CICS applies LU 6.2 bind-time security to determine whether a requested session is authorized.

CICS uses a password to verify session authorization. The password supplied in CICS must match the password defined on the workstation. The SECURITY Bindpassword parameter in the CICS Connection Definition supplies the password.

Refer to the documentation for the SNA support on your remote system for information about defining the bind password.

CICS link security

CICS link security is required for conversation-level security to CICS. Use link security to define CICS security values on the LU 6.2 session. To enable link security, specify a valid user ID in the SECURITY SEcurityname parameter of the CICS Connection Definition.

When the session is bound after the bind-time security check, CICS checks with the External Security Manager whether the user ID is valid. If it is valid, CICS uses that user ID for the session authorization.

User security

For individual users, the SECURITY ATtachsec parameter in the CICS connection definition determines what type of security is active for a connection. Table 4-1 shows the options:

Table 4-1: User security ATtachsec options

ATtachsec option    Result
----------------    ------
LOCAL               CICS does not require a user ID from the remote system and ignores any sent. User security is set to the link security.
IDENTIFY            CICS requires a user ID on every attach request. CICS internal security or an external security manager verifies the user ID.
VERIFY              CICS requires a user ID and password on every attach request. Your security manager verifies both.
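
The following check is an added example, not part of the original documentation: a Python audit of DFHCSDUP-style DEFINE CONNECTION statements against the three parts described above (bind-time, link, and user security). The connection names, group, user IDs and bind password in the sample are constructed, and treating an omitted attribute as BINDSECURITY(NO) or ATTACHSEC(LOCAL) is an assumption about the CICS defaults.

```python
import re

# Constructed sample in DFHCSDUP DEFINE style; every name and value is made up.
SAMPLE = """\
DEFINE CONNECTION(WKS1) GROUP(GWAPPC) PROTOCOL(APPC)
       BINDSECURITY(YES) BINDPASSWORD(0123456789ABCDEF)
       SECURITYNAME(LINKUSR1) ATTACHSEC(VERIFY)
DEFINE CONNECTION(WKS2) GROUP(GWAPPC) PROTOCOL(APPC)
       BINDSECURITY(NO) ATTACHSEC(LOCAL)
DEFINE CONNECTION(WKS3) GROUP(GWAPPC) PROTOCOL(APPC)
       BINDSECURITY(YES) SECURITYNAME(LINKUSR3) ATTACHSEC(IDENTIFY)
"""

ATTR = re.compile(r"([A-Z]+)\(([^)]*)\)")  # KEYWORD(value) pairs

def parse_connections(text):
    """Return {connection name: {ATTRIBUTE: value}} for each DEFINE CONNECTION."""
    conns = {}
    # A definition starts at the DEFINE keyword and may continue over several lines.
    for stmt in re.split(r"(?im)^\s*DEFINE\s+", text):
        attrs = dict(ATTR.findall(stmt.upper()))
        if "CONNECTION" in attrs:
            conns[attrs.pop("CONNECTION")] = attrs
    return conns

def audit(attrs):
    """List the gaps in the three parts of conversation-level security."""
    # Assumption: an omitted attribute means BINDSECURITY(NO) / ATTACHSEC(LOCAL).
    findings = []
    if attrs.get("BINDSECURITY", "NO") != "YES":
        findings.append("bind-time security is off (BINDSECURITY is not YES)")
    elif not attrs.get("BINDPASSWORD"):
        findings.append("BINDSECURITY(YES) but no BINDPASSWORD supplied")
    if not attrs.get("SECURITYNAME"):
        findings.append("no link security user ID (SECURITYNAME missing)")
    attachsec = attrs.get("ATTACHSEC", "LOCAL")
    if attachsec == "LOCAL":
        findings.append("ATTACHSEC(LOCAL): user IDs from the remote system are ignored")
    elif attachsec == "IDENTIFY":
        findings.append("ATTACHSEC(IDENTIFY): no password is required on attach")
    return findings

def report(text):
    return {name: audit(a) for name, a in parse_connections(text).items()}

if __name__ == "__main__":
    for name, findings in report(SAMPLE).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

The IDENTIFY finding is informational: whether a user ID without a password is acceptable depends on how far the remote system is trusted to have authenticated the user.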