Abbreviations
Operand |
Abbreviation |
MODIFY |
F |
Purpose
With the MODIFY ENCR
(encryption) command, you can change the cryptography specifications
for logical units. Logical units (application programs,
independent LUs, and device type logical units) can be defined as
having one of several cryptography specifications. These specifications
define the cryptographic capabilities or user session requirements
involving the logical units and are described in the z/OS Communications Server: SNA Network Implementation
Guide.
Note: The only way to modify ENCRTYPE
is to use the MODIFY SECURITY command.
Operands
- procname
- The procedure name for the command. If procname in
the START command was specified as startname.ident,
where startname is the VTAM® start procedure and ident is
the optional identifier, either startname.ident or ident
can be specified for procname.
If procname in the START command was startname,
startname must be specified for procname.
- ENCR
- Specifies the new cryptography specifications of the logical unit. The
level of the cryptography specification can be only raised. Any attempt
to lower the level is rejected. The new level is effective for all
future sessions involving the logical unit; existing active or pending
sessions are not affected.
- ENCR=OPT
- Raises the level of the logical unit's cryptography specification
from no cryptography to optional (capable of cryptography).
- ENCR=COND
- Raises the level of the logical unit's cryptography specification
from no cryptography or optional to required (that is, all user sessions
must be encrypted) if both sides support encryption. If the session
partner does not support encryption, the session does not fail; instead,
a session is established with no encryption of data.
- ENCR=REQD
- Raises the level of the logical unit's cryptography specification
from no cryptography or optional (or selective or conditional for
application programs) to required (that is, all user sessions must
be encrypted).
- ID=lu_name
- Specifies the name of the logical unit whose cryptography specification
is to be changed. The
logical unit can be either an application program, a device-type logical
unit, or an independent LU.
Tip: If you are specifying a model resource (APPL or CDRSC),
you can use wildcard characters in the name you specify. The use of
wildcard characters on the ID operand does not depend on the value
of the DSPLYWLD start option. For model resources, any current clone
resources are unaffected by this command, but future clone resources
and their sessions will be affected.
The name can be a network-qualified
name. It cannot be a USERVAR or LUALIAS name. If the name specified
on the ID operand is network-qualified, this name is considered to
be the real name of the resource. The name can be an ACB name or an
alias name, so long as it is not network-qualified.
The following
example of an APPL major node definition shows how application names
can be network qualified:
x APPL ACBNAME=y,...
In
this example, x (the application name) can
always be network-qualified. The value y (the
ACB name) can be network-qualified only if y is
the same as x.
Note: If ID specifies
the name of an LU 6.2 application program, you should use the MODIFY
ENCR command only when no sessions exist for logon modes other than
SNASVCMG. If sessions are active on logon modes other than SNASVCMG,
and you use the MODIFY ENCR command to change the encryption level,
any attempt to establish a new session with these logon modes is rejected
until all existing sessions on that mode that use the previous encryption
level have ended.