The application program can determine the partner's support
for security subfields and indicators. It must also specify to VTAM® its level of support for
the subfields. The following list shows three methods for specifying
support.

- Alternate BIND
After the application program's optional LOGON
or SCIP exit is driven, it must issue APPCCMD CONTROL=OPRCNTL, QUALIFY=ACTSESS
to activate the session. The application program can specify
an alternate BIND using the AREA field. Three bits on the alternate
BIND indicate the application program's security acceptance level.
The bit settings for each security level are shown in Table 1.

Table 1. Application program's security acceptance level, alternate BIND

| Security Level | BIND bit BINCLSS | BIND bit BINAVFS | BIND bit BINPV |
|---|---|---|---|
| NONE | 0 | 0 | 0 |
| CONV | 1 | 0 | 0 |
| ALREADYV | 1 | 1 | 0 |
| PERSISTV | 1 | 0 | 1 |
| AVPV | 1 | 1 | 1 |

Note: When an APPCCMD CONTROL=OPRCNTL, QUALIFY=CNOS
macroinstruction causes a session to be established on the SNASVCMG
mode, VTAM intercepts the LOGON
exit, and the application program cannot specify an alternate BIND.
For those CNOS requests that do not invoke negotiation, such as a
CNOS with a partner that VTAM knows
to be single-session capable, the application program can specify
security acceptance information on the initial session.
In all cases, the SCIP exit is driven for the initial session so the
application program can supply an alternate BIND response for a CNOS-initiated
session.
- CNOS Session Limits Structure
The application program can
also specify the security acceptance level by setting 3 bits on the
CNOS session limits structure (ISTSLCNS) when it issues APPCCMD CONTROL=OPRCNTL,
QUALIFY=CNOS. Table 2 shows the bit settings
for each security level.

Table 2. Application program's security acceptance level, CNOS

| Security Level | CNOS bit SLCLCONV | CNOS bit SLCLAVFA | CNOS bit SLCLPV |
|---|---|---|---|
| NONE | 0 | 0 | 0 |
| CONV | 1 | 0 | 0 |
| ALREADYV | 1 | 1 | 0 |
| PERSISTV | 1 | 0 | 1 |
| AVPV | 1 | 1 | 1 |

- SECACPT Operand on the APPL Definition Statement
If the security
acceptance level information is not supplied on either the CNOS session
limits structure or an alternate BIND, the SECACPT operand on the
application program's APPL definition statement is used.
For
information on how to code the SECACPT operand, refer to z/OS Communications Server: SNA Resource Definition
Reference.
Note: If a security management product equivalent to RACF® 1.9.1 or greater is installed,
it can limit the application's maximum security acceptance level.
For a complete description of how the security management product
can override this setting, refer to z/OS Security Server RACROUTE Macro Reference.