Controlling how jobs enter the system

You can use the subsystem descriptions to control how jobs enter the system.

Several subsystem descriptions are shipped with your system. After you have changed your security level (QSECURITY system value) to level 20 or higher, signing on without entering a user ID and password is not allowed with the subsystems shipped by IBM®.

However, defining a subsystem description and job description combination that allows default sign-on (no user ID and password) is possible and represents a security exposure. When the system routes an interactive job, it looks at the workstation entry in the subsystem description for a job description. If the job description specifies USER(*RQD), the user must enter a valid user ID (and password) on the Sign On display. If the job description specifies a user profile in the User field, anyone can press the Enter key to sign on as that user.

At security levels 30 and higher, the system logs an entry (type AF, sub-type S) in the audit journal, if default signon is attempted and the auditing function is active. At security level 40 and higher, the system does not permit default signon, even if a combination of workstation entry and job description exists that allows it. See Signing on without a user ID and password for more information.

Make sure all workstation entries for interactive subsystems refer to job descriptions with USER(*RQD). Control the authority to change job descriptions and monitor any changes that are made to job descriptions. If the auditing function is active, the system writes a JD type journal entry every time the USER parameter in a job description is changed.

Communications entries in a subsystem description control how communications jobs enter your system. A communications entry points to a default user profile, which allows a job to be started without a user ID and password. This represents a potential security exposure. Evaluate the communications entries on your system and use network attributes to control how communications jobs enter your system. Network attributes discusses the network attributes that are important for security.