z/OS MVS Planning: APPC/MVS Management
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Defining Conversation Security Levels that Sessions Allow

z/OS MVS Planning: APPC/MVS Management
SA23-1388-00

With VTAM® 3.4 or higher, the CONVSEC field in the SESSION segment of the RACF® APPCLU profile lets you specify the level of security that the local LU will accept from its partner LU. CONVSEC overrides the protection set by the SECACPT keyword of the VTAM APPL statement, which specifies the level of security allowed in conversation requests to an LU from anywhere in the network. CONVSEC narrows that level down to one allowed in a session between two specific LUs.

The CONVSEC values correspond to those of the SECACPT keyword:
Value
Means the local LU will accept:
NONE
Requests that contain no security information
CONV
Requests with security information specified.
ALREADYV
An indication that the user ID and password are already verified by the partner LU, and the partner is to be trusted (includes CONV).
PERSISTV
Persistent verification (PV) requests. With PV, MVS verifies an inbound password the first time it arrives, then accepts the associated user ID without a password on subsequent Allocate requests in the same session (includes CONV).
AVPV
Requests with user ID and password already verified and persistent verification indicators.
For example, to allow conversation requests that include security information or an already verified indicator, you could specify: 
RDEFINE APPCLU AA1.LU02.AA1.LU01 SESSION(SESSKEY(1234CD5)
        CONVSEC(ALREADYV))
To allow conversation requests that include security information or a persistent verification indicator, you could specify: 
RDEFINE APPCLU AA1.LU02.AA1.LU01 SESSION(SESSKEY(1234CD5)
        CONVSEC(PERSISTV))

To delete the conversation security parameters, you can specify NOCONVSEC on the RALTER command. NOCONVSEC tells RACF to ignore conversation security levels when sessions are being established between LUs, and defaults to the value of the SECACPT keyword on the APPL statement.

For more information about specifying conversation security parameters for APPCLU profiles, see z/OS Security Server RACF Command Language Reference.

Parent topic: Defining LU-to-LU Access Authority with RACF APPCLU Profiles

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014