Using nodal passwords as specified previously still has some drawbacks:
- The passwords are exchanged across the network in clear text, which could compromise the security of the password.
- The passwords are defined and maintained in the JES2 initialization stream by the JES2 system programmer, rather than in the system's security policy (that is, RACF®) by a security administrator.
The secure signon protocol allows greater password security. To take advantage of this protocol, you need to specify the following:
- On the local node, specify NODE(node2) SIGNON=SECURE to indicate that the secure protocol is to be used when signing on to node node2.
- Specify RDEFINE APPCLU NJE.node1.node2 SESSION(SESSKEY(key)) UACC(NONE), where:
  - node1 is the name of the local node
  - node2 is the name of the adjacent node
  - key is an agreed-upon session key for the connection
- Specify SETROPTS CLASSACT(APPCLU) to activate the APPCLU security class.
The node at the other end of the connection must define this setup as well.
Figure 1 illustrates an example of the definitions required on both nodes.

Figure 1. NJE Signon Password Verification for Mixed Levels of JES2

    +---------------+                    +---------------+
    |               |                    |               |
    |     NODE1     |                    |     NODE2     |
    |               |                    |               |
    +---------------+                    +---------------+

    JES2 Init Statements                 JES2 Init Statements
      NODE(NODE2) SIGNON=SECURE            NODE(NODE1) SIGNON=SECURE

    RACF Definitions                     RACF Definitions
      RDEFINE APPCLU NJE.NODE1.NODE2       RDEFINE APPCLU NJE.NODE2.NODE1
        SESSION(SESSKEY(FRED))               SESSION(SESSKEY(FRED))
        UACC(NONE)                           UACC(NONE)
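
The following consistency check is an added example, not part of the original documentation or any IBM tooling: it parses each node's definitions, given as text in the form shown in Figure 1, and reports where the two sides of a connection do not mirror each other. The function names, the node-name character set, the sample definitions, and the choice to hold the JES2 statements and RACF commands in one text per node are assumptions made for illustration.

```python
import re

NAME = r"([A-Z0-9$#@]+)"  # assumed character set for node names
NODE_RE = re.compile(rf"NODE\({NAME}\)\s+SIGNON=SECURE", re.I)
PROF_RE = re.compile(rf"RDEFINE\s+APPCLU\s+NJE\.{NAME}\.{NAME}\s+"
                     r"SESSION\(SESSKEY\((\w+)\)\)\s+UACC\((\w+)\)", re.I)
ACT_RE = re.compile(r"SETROPTS\s+CLASSACT\(APPCLU\)", re.I)

def parse_defs(local, text):
    """Collect the items the procedure requires from one node's definitions."""
    return {
        "local": local.upper(),
        "secure": {n.upper() for n in NODE_RE.findall(text)},
        "profiles": {(m[1].upper(), m[2].upper()): (m[3], m[4].upper())
                     for m in PROF_RE.finditer(text)},
        "active": bool(ACT_RE.search(text)),
    }

def check_pair(a, b):
    """Return the problems found for the connection between nodes a and b."""
    problems = []
    for side, peer in ((a, b), (b, a)):
        name, adj = side["local"], peer["local"]
        if adj not in side["secure"]:
            problems.append(f"{name}: no NODE({adj}) SIGNON=SECURE")
        prof = side["profiles"].get((name, adj))
        if prof is None:
            problems.append(f"{name}: no APPCLU profile NJE.{name}.{adj}")
        elif prof[1] != "NONE":
            problems.append(f"{name}: NJE.{name}.{adj} has UACC({prof[1]})")
        if not side["active"]:
            problems.append(f"{name}: APPCLU class not activated")
    key_a = a["profiles"].get((a["local"], b["local"]))
    key_b = b["profiles"].get((b["local"], a["local"]))
    if key_a and key_b and key_a[0] != key_b[0]:  # never echo the keys themselves
        problems.append("session keys differ between the two nodes")
    return problems

# Constructed sample definitions (not from the page); keys are placeholders.
NODE1_DEFS = """NODE(NODE2) SIGNON=SECURE
RDEFINE APPCLU NJE.NODE1.NODE2 SESSION(SESSKEY(KEYA0001)) UACC(NONE)
SETROPTS CLASSACT(APPCLU)"""
NODE2_OK = NODE1_DEFS.replace("NODE(NODE2)", "NODE(NODE1)").replace(
    "NJE.NODE1.NODE2", "NJE.NODE2.NODE1")
NODE2_BAD = """NODE(NODE11) SIGNON=SECURE
RDEFINE APPCLU NJE.NODE2.NODE1 SESSION(SESSKEY(KEYB0002)) UACC(READ)"""

if __name__ == "__main__":
    for p in check_pair(parse_defs("NODE1", NODE1_DEFS), parse_defs("NODE2", NODE2_BAD)):
        print(p)
```

The check compares session keys only for equality and never writes them to its output, so its report can be shared without exposing the key.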