z/OS Communications Server: SNA Network Implementation Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Single-domain cryptographic sessions that use PCF/CUSP

z/OS Communications Server: SNA Network Implementation Guide
SC27-3672-01

To allow cryptographic sessions that use PCF/CUSP to be established within a single domain, install the PCF/CUSP compatible cryptographic product.

Use the PCF/CUSP compatible cryptographic product to file secondary logical unit (SLU) keys on the cryptographic key data set (CKDS) as follows:
  • For each device-type LU that is to be used as the secondary end of a cryptographic session, code the following statement: 
    LOCAL luname

    where luname is the name of the LU.

    This LOCAL statement generates an SLU key for the LU and adds it to the CKDS enciphered under the first variant of the host master key. It also returns a clear SLU key. Enter the clear SLU key into the device.

    The CKEYNAME operand on the LU definition statement can be used to reduce definition statements coded in the CDKS. Multiple devices can use the same LOCAL statement in the CDKS by specifying the same value for the CKEYNAME operand. 
    LOCAL ckeyname
    where the value specified in the CKEYNAME operand is the same as the ckeyname.

    See the z/OS Communications Server: SNA Resource Definition Reference for information about coding the CKEYNAME definition statement.

  • For each VTAM® application program that is to be the secondary end of a cryptographic session, code the following statement: 
    REMOTE name

    where name is the name of the application program.

    This REMOTE statement generates an SLU key for the application program and adds it to the CKDS enciphered under the second variant of the host master key.

Parent topic: Filing SLU keys for single-domain cryptographic sessions

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014