Encrypting password for jobs passing via NJE.
ACF2 has the ENCRYPT option on the GSO NJE record.
JES2 has the PENCRYPT on the NODE statement.
Which of these parameters can (should) be used to setup NJE encryption.
PENCRYPT=Yes|NoSpecifies whether (Yes) or not (No) this node supports password encryption.
If PENCRYPT=Yes, JES2 encrypts the password for any job sent across the network to this node.
The encryption scheme JES2 uses is the data encryption system (DES) that exists in RACF.
If the destination node's security product can not interpret passwords using this scheme, the job(s) will fail.
If PENCRYPT=No, JES2 does not encrypt the password for jobs sent across the network to this node.
Does ACF2 have any advice if one parameter (or the other) is best when communicating with nodes running other ESMs (Top Secret and RACF)?
.
Release : 16.0
Component : ACF2 for z/OS
On ACF2 systems only specify ENCRYPT if they are routed to another ACF2
system. ACF2 to ACF2.
ACF2 to RACF or ACF2 to TOP SECRET should not specify ENCRYPT on the ACF2 NJE record.
PENCRYPT should only be specified when the sending and receiving system
uses the same external Security manager.
RACF to RACF can specify PENCRYPT.
TOP SECRET to TOP SECRET can specify PENCRYPT.
RACF to ACF2 or TOP SECRET should not specify PENCRYPT
TOP SECRET to ACF2 or RACF should not specify PENCRYPT