Datacom14 and ALLOWUSERKEYCSA
search cancel

Datacom14 and ALLOWUSERKEYCSA

book

Article ID: 57640

calendar_today

Updated On:

Products

Datacom DATACOM - AD Datacom/AD Datacom/DB Datacom/Server

Issue/Introduction

Trying to implement IBM's recommendation of: VSM ALLOWUSERKEYCSA(NO)                                           

NO prevents user key CSA from being allocated by failing any attempt  to obtain user key from a CSA subpool (through GETMAIN or STORAGE OBTAIN) with a B04-5C, B0A-5C, or B78-5C abend. The default is NO. IBM recommends that you should not specify ALLOWUSERKEYCSA(YES).      

User key CSA creates a security risk because any unauthorized program can modify it.  

For several releases of Datacom, there has been an alternative to the use of ECSA for the execution of a Datacom MUF. Datacom/DB can execute in a mode where task-related storage (as described above) resides in an IBM “data space.” This data space designated for Datacom task storage is subject to modification only by Datacom programs as required to communicate with MUF.

To date, the majority of our Datacom customers have chosen to use the ECSA default implementation rather than the alternate data space implementation. However, IBM’s z/OS 1.9 default of AllowUserKeyCSA(NO) may trigger additional customers to review the available options and possibly switch to the data space option.

Does this still hold true for R14? What would have to change, if anything, in our MUF configurations?

Environment

Datacom

Resolution

Datacom/AD 14.0 is unaffected by that IBM parameter (ALLOWUSERKEYCSA)

With release 12 and above, Datacom will no longer allocate or use ECSA PROTECT KEY 8 storage; it is now using data space.

At startup Multi-User creates a small data space, which can be seen via message:

DB00278I - DATASPACE NAME 00021MUF   (as an example).

This is transparent to the user application and it takes care of the problem coming with that IBM parameter (ALLOWUSERKEYCSA).

Additional Information

From Datacom/DB System and Administration Guide r14.0

Task Communications: Applications communicate with the Multi-User Facility through a task communications area (known as the DBRW or RWTSA). These task communications areas are allocated in the MUF address space and also a dedicated dynamically allocated Dataspace unique by the MUF name. In addition to the Dataspace, each MUF requires one 4k page ECSA for communication, a couple hundred bytes of identification, and about 100 bytes per task area, all in ECSA, key 0. Specific sizes are provided in the DBUTLTY REPORT MEMORY=MVS...

See also:  APAR #: QI83015 Title: *TIP:CA DATACOM USE OF KEY 8 AND THE COMMUNICATION DATASPACE

Powered by Wolken Software