z/OS JES2 Initialization and Tuning Guide


Using secure signon protocol for NJE signon

SA32-0991-00

Using nodal passwords as specified previously still has some drawbacks:
  • The passwords are exchanged across the network in clear text, which could compromise the security of the password.
  • The passwords are defined and maintained in the JES2 initialization stream by the JES2 system programmer, rather than in the system's security policy (that is, RACF®) by a security administrator.
The secure signon protocol allows greater password security. To take advantage of this protocol, you need to specify the following:
  • On the local node, specify NODE(node2) SIGNON=SECURE to indicate that the secure protocol is to be used when signing on to node node2.
  • Specify RDEFINE APPCLU NJE.node1.node2 SESSION(SESSKEY(key)) UACC(NONE), where
    • node1 is the name of the local node
    • node2 is the name of the adjacent node
    • key is an agreed-upon session key for the connection
  • Specify SETROPTS CLASSACT(APPCLU) to activate the APPCLU security class.
The node at the other end of the connection must define this setup as well. Figure 1 illustrates an example of the definitions required on both nodes.
Figure 1. NJE Signon Password Verification for Mixed Levels of JES2
 +---------------+                      +---------------+
 |               |                      |               |
 |  NODE1        |                      |  NODE2        |
 |               |                      |               |
 +---------------+                      +---------------+

 JES2 Init Statements                   JES2 Init Statements
 NODE(NODE2) SIGNON=SECURE              NODE(NODE1) SIGNON=SECURE

 RACF Definitions                       RACF Definitions
 RDEFINE APPCLU NJE.NODE1.NODE2         RDEFINE APPCLU NJE.NODE2.NODE1
   SESSION(SESSKEY(FRED))                 SESSION(SESSKEY(FRED))
   UACC(NONE)                             UACC(NONE) 
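
As an added example (not part of the IBM guide), the following Python check compares the definitions of both nodes for the mistakes this setup invites: SIGNON=SECURE not specified, an APPCLU profile whose node names are not mirrored, a UACC other than NONE, or session keys that differ. It assumes the definitions are available as plain command text with an alphanumeric key; the function names and sample definitions are constructed for illustration.

```python
import re

# Assumption: definitions are kept as plain command text and the key is alphanumeric.
NODE_RE = re.compile(r"NODE\((\w+)\)\s+SIGNON=(\w+)", re.I)
RDEF_RE = re.compile(r"RDEFINE\s+APPCLU\s+NJE\.(\w+)\.(\w+)\s+"
                     r"SESSION\(SESSKEY\((\w+)\)\)\s+UACC\((\w+)\)", re.I)

def parse_side(text):
    """Collect NODE(...) SIGNON= values and NJE APPCLU profiles defined on one node."""
    flat = " ".join(text.split())  # operands may be spread over several lines
    signon = {n.upper(): v.upper() for n, v in NODE_RE.findall(flat)}
    profiles = {(a.upper(), b.upper()): (key, uacc.upper())
                for a, b, key, uacc in RDEF_RE.findall(flat)}
    return signon, profiles

def check_pair(node_a, node_b, text_a, text_b):
    """Return the problems found in the secure signon setup between two nodes."""
    node_a, node_b = node_a.upper(), node_b.upper()
    problems, keys = [], []
    for me, peer, text in ((node_a, node_b, text_a), (node_b, node_a, text_b)):
        signon, profiles = parse_side(text)
        if signon.get(peer) != "SECURE":
            problems.append(f"{me}: NODE({peer}) SIGNON=SECURE not specified")
        profile = profiles.get((me, peer))  # local node first, adjacent node second
        if profile is None:
            problems.append(f"{me}: no APPCLU profile NJE.{me}.{peer}")
            continue
        key, uacc = profile
        keys.append(key)  # keys are compared but never written to the report
        if uacc != "NONE":
            problems.append(f"{me}: NJE.{me}.{peer} has UACC({uacc}), expected NONE")
    if len(keys) == 2 and keys[0] != keys[1]:
        problems.append("session keys differ between the two nodes")
    return problems

# Constructed sample definitions, not taken from a real system.
NODE1_DEFS = """NODE(NODE2) SIGNON=SECURE
RDEFINE APPCLU NJE.NODE1.NODE2
  SESSION(SESSKEY(FRED))
  UACC(NONE)"""
NODE2_GOOD = "NODE(NODE1) SIGNON=SECURE RDEFINE APPCLU NJE.NODE2.NODE1 SESSION(SESSKEY(FRED)) UACC(NONE)"
NODE2_COPIED = "NODE(NODE1) SIGNON=SECURE RDEFINE APPCLU NJE.NODE1.NODE2 SESSION(SESSKEY(FRED)) UACC(NONE)"
NODE2_DRIFTED = "NODE(NODE1) SIGNON=SECURE RDEFINE APPCLU NJE.NODE2.NODE1 SESSION(SESSKEY(WILMA)) UACC(READ)"

if __name__ == "__main__":
    for label, defs in (("good", NODE2_GOOD), ("copied", NODE2_COPIED), ("drifted", NODE2_DRIFTED)):
        print(label, check_pair("NODE1", "NODE2", NODE1_DEFS, defs))
```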

Copyright IBM Corporation 1990, 2014