To allow cryptographic sessions that use PCF/CUSP to be established
within a single domain, install the PCF/CUSP compatible cryptographic
product.
Use the PCF/CUSP compatible cryptographic product to file secondary
logical unit (SLU) keys on the cryptographic key data set (CKDS) as
follows:
- For each device-type LU that is to be used as the secondary end
of a cryptographic session, code the following statement:
LOCAL luname
where luname is the name of the LU.
This LOCAL
statement generates an SLU key for the LU and adds it to the CKDS
enciphered under the first variant of the host master key. It also
returns a clear SLU key. Enter the clear SLU key into the device.
The CKEYNAME operand on the LU definition statement can be used
to reduce definition statements coded in the CDKS. Multiple devices
can use the same LOCAL statement in the CDKS by specifying the same
value for the CKEYNAME operand.
LOCAL ckeyname
where the value specified in the CKEYNAME operand
is the same as the
ckeyname.
See
the z/OS Communications Server: SNA Resource Definition
Reference for information about coding the
CKEYNAME definition statement.
- For each VTAM® application
program that is to be the secondary end of a cryptographic session,
code the following statement:
REMOTE name
where name is
the name of the application program.
This REMOTE statement
generates an SLU key for the application program and adds it to the
CKDS enciphered under the second variant of the host master key.