Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Coding the APPL definition statement z/OS Communications Server: SNA Programmer's LU 6.2 Guide SC27-3669-00 |
|
The SECLVL parameter on the application program's APPL definition statement indicates the degree of Level 2 session-level verification to be used if session-level verification is active. Some products allow only Level 1 session-level security and some products allow Level 1 or Level 2 session-level security. Products that allow both levels fall into two classes:
Level 1 is useful in a VTAM that can be backed out to an earlier level of VTAM that can only use Level 1 session-level security. This will prevent the class 2 products (restricted choice) from locking out subsequent sessions to the earlier release of VTAM. SECLVL=ADAPT is useful in a VTAM that
will communicate with either of the following items:
Level 2 is useful when all the communicating products are capable of Level 2 session-level security to insure that an attempt at penetration, using the weaker Level 1 protocols, will be prevented. The valid values on the SECLVL parameter are:
For LU 6.2 sessions to use Level 2 session verification, each application program must be running under VTAM or under another product that supports Level 2 session verification. For each LU 6.2 application program, decide between the
following alternatives:
If you choose the first alternative, you specify the SECLVL=LEVEL2 operand, which means that Level 2 session verification is used between LU 6.2 application programs that support Level 2 verification, and sessions are not allowed with partner LUs that do not support Level 2 verification. If you choose the second alternative, you specify the SECLVL=ADAPT operand, which means that Level 2 session verification is used between LU 6.2 application programs that support Level 2 verification, and the earlier level of session verification is used when the partner LU does not support Level 2 verification. If communicating with a Class 2 product and this level of VTAM can be backed out and replaced by a VTAM that does not support Level 2, then Level 1 must be specified. |
Copyright IBM Corporation 1990, 2014
|