How to set up security when using CA Gen Direct Connect for CICS


Article ID: 33562


Products

CA Gen CA Gen - Build Tool CA Gen - Workstation Toolset CA Gen - Host Encyclopedia CA Gen - Run Time Distributed 3RD PARTY TSO

Issue/Introduction

Summary:

How to set up security when using CA Gen Direct Connect for CICS.

This document is a guide to implementing security when using CA Gen Direct Connect for CICS. It can be used for the Single Socket Server Listener (TISL) or the Multi-Socket Server Listener (TIML) installation. The initial CA Gen software install defaults to no security checking, meaning any user ID and/or password can execute.

Instructions:

STANDARD SECURITY

To validate the user ID and password, no setting is required on the client side if users log on using Client Manager. The user ID and password are passed in the Common Format Buffer. Change user exit CEG8SAMP(TIRSLEXT) on the host to validate standard security as follows:

Change:

BKLERPSW B     KLEARPSW       CLEAR PASSWORD AND RETURN
*BVALUIDP B     VALUIDP        CONTINUE TO VALIDATE-USERID-PASSWORD

To:

*BKLERPSW B     KLEARPSW       CLEAR PASSWORD AND RETURN
BVALUIDP B     VALUIDP        CONTINUE TO VALIDATE-USERID-PASSWORD

Install the TIRSLEXT module using CEG8SAMP(MKUECTCP) as directed in the comments of this module. Install into CICS. The user ID and password are validated prior to calling the server.

If a user-written logon program is used, it must use the variables CLIENT_USER_ID and CLIENT_PASSWORD to capture the credentials. In the Gen Toolset directory, change WREXITN.c in the method WRSECTOKEN to return SecurityUsedStandard. This will pass the user ID and password in the Common Format Buffer. On the z/OS host, change CEG8SAMP(TIRSLEXT) as described above and install using CEG8SAMP(MKUECTCP). In addition, change user exit CEHBSAMP(TIRCUSRX) by substituting the MAINLINE thru MAINLINE-EXIT code in comments with the default code. If this is not done, the task ID is used and returned to the client. Install the changed module using CEHBSAMP(MKUEXITS) as TIRCUSRZ. Install both changed modules into CICS.

ENHANCED SECURITY 

When using enhanced security, the variables CLIENT_USER_ID and CLIENT_PASSWORD must be used to capture the credentials with the client program. On the toolset, change the return in WREXITN.C in method WRSECTOKEN to SecurityUsedEnhanced. This will put the user ID and password in two places of the Common Format Buffer and set the enhanced flag. On the z/OS host, make the following change to CEG8SAMP(TIRSLEXT):

Change:

BKLERPSW B     KLEARPSW       CLEAR PASSWORD AND RETURN
*BVALUIDP B     VALUIDP        CONTINUE TO VALIDATE-USERID-PASSWORD
*BVFYENSC B     VFYEHSEC       CONTINUE TO VERIFY-ENHANCED-SECURITY

To:

*BKLERPSW B     KLEARPSW       CLEAR PASSWORD AND RETURN
*BVALUIDP B     VALUIDP        CONTINUE TO VALIDATE-USERID-PASSWORD
BVFYENSC B     VFYEHSEC       CONTINUE TO VERIFY-ENHANCED-SECURITY

Modify CEHBSAMP(TIRSECVX) with custom changes to validate security. Option 2 in the comments of this exit gives helpful information on what has to be done. Install this program with CEHBSAMP(MKUEXITS), along with any other user program needed to validate security.
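
A check that can be run against a text copy of CEG8SAMP(TIRSLEXT) to confirm which of the branches shown in the STANDARD and ENHANCED sections is active after the edit. This is an added example, not CA Gen code: the function names and the sample source are constructed, and it assumes the branch lines appear in the member as shown in this article.

```python
import re

# Branch label -> resulting behaviour, as described in the article.
MODES = {
    "BKLERPSW": "none",      # clears the password and returns: no checking
    "BVALUIDP": "standard",  # validates user ID and password
    "BVFYENSC": "enhanced",  # verifies enhanced security
}

# HLASM: an asterisk in column 1 turns the whole line into a comment.
BRANCH = re.compile(r"^(\*?)(BKLERPSW|BVALUIDP|BVFYENSC)\s+B\s+\S+",
                    re.MULTILINE)

# Constructed sample: the three lines as they look after the STANDARD edit.
SAMPLE_STANDARD = """\
*BKLERPSW B     KLEARPSW       CLEAR PASSWORD AND RETURN
BVALUIDP B     VALUIDP        CONTINUE TO VALIDATE-USERID-PASSWORD
*BVFYENSC B     VFYEHSEC       CONTINUE TO VERIFY-ENHANCED-SECURITY
"""


def branch_lines(source):
    """Return (label, is_active) for every branch line found, in order."""
    return [(label, star == "") for star, label in BRANCH.findall(source)]


def security_mode(source):
    """Classify the exit source as none, standard, enhanced, or a bad edit."""
    found = branch_lines(source)
    if not found:
        return "unknown"    # not the expected member, or the labels differ
    active = [label for label, is_active in found if is_active]
    if len(active) != 1:
        return "ambiguous"  # zero or several active branches: review the edit
    return MODES[active[0]]


if __name__ == "__main__":
    print("TIRSLEXT security mode:", security_mode(SAMPLE_STANDARD))
```

A result of "none" on a production copy means the install default is still in place and any user ID and password will be accepted.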

Environment

Release: KGNDDL99000-8.5-Gen-DBP Developer License
Component: