TN3270E Telnet server security

The Communications Server provides the z/OS® TN3270E Telnet server (Telnet), which is enabled for both SSL and AT-TLS; the data path in the IP network to Telnet is protected using the SSL protocol. IBM® Host On Demand and Personal Communications provide a Telnet client that is enabled for SSL.

Figure 1. TN3270E Telnet server security overview
Elements of SSL-protected TN3270E Telnet traffic

The Communications Server Telnet SSL support provides several extensions for RACF-based access control to Telnet. These extensions prevent a client from seeing the USSMSG (logon screen) unless the client is authorized. To use this support, define the client certificate to RACF® using RACF digital certificate services. The first level of authorization checking verifies that the RACF user ID represented by the client certificate is defined to RACF. The next level of authorization requires that this RACF user ID be permitted to access the Telnet port. The Telnet port is represented as a RACF resource using the SERVAUTH class.
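
The two authorization levels described above, sketched as RACF commands. This is an added example, not part of the original page. It assumes the Telnet profile requests the RACF check with `CLIENTAUTH SAFCERT` on the secure port and that the port resource follows the `EZB.TN3270.sysname.tcpname.PORTnnnnn` naming. The user ID `USER1`, system name `SYSA`, stack name `TCPIP`, port 992, the data set name and the certificate label are all placeholders.

```tso
/* Level 1: associate the client certificate with a RACF user ID.     */
/* 'USER1.CLIENT.CERT' is a placeholder data set holding the client's */
/* certificate; USER1 must already be a defined RACF user ID.         */
RACDCERT ID(USER1) ADD('USER1.CLIENT.CERT') TRUST +
         WITHLABEL('USER1 TN3270 client')
/* Needed only if the DIGTCERT class is RACLISTed on this system.     */
SETROPTS RACLIST(DIGTCERT) REFRESH

/* Level 2: represent the Telnet port as a SERVAUTH resource and      */
/* permit only the user IDs that may reach the logon screen.          */
SETROPTS CLASSACT(SERVAUTH) RACLIST(SERVAUTH)
RDEFINE SERVAUTH EZB.TN3270.SYSA.TCPIP.PORT00992 UACC(NONE)
PERMIT EZB.TN3270.SYSA.TCPIP.PORT00992 CLASS(SERVAUTH) +
       ID(USER1) ACCESS(READ)
SETROPTS RACLIST(SERVAUTH) REFRESH

/* Check the result: certificate mapping and the port access list.    */
RACDCERT ID(USER1) LIST
RLIST SERVAUTH EZB.TN3270.SYSA.TCPIP.PORT00992 AUTHUSER
```

Defining the port resource with `UACC(NONE)` keeps access deny-by-default, so a client whose certificate maps to a valid RACF user ID that is not on the access list still does not see the USSMSG screen.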