EXCI connections enforce link, bind and user security. Link security restricts the resources that can be accessed over a connection to a CICS server, bind security prevents an unauthorized client system from connecting to CICS, and user security restricts the CICS resources that can be accessed by a user.
By default, the link user ID that CICS uses for these security checks is the user ID under which the Gateway daemon runs; to override this, specify a USERID parameter in the SESSIONS definition.
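The override described above, sketched as DFHCSDUP input. This is an added example, not taken from the product documentation; the names CTGX, CTGEXCI and CTGLINK and the prefix, count and size values are constructed placeholders.

```text
* Constructed example: generic EXCI connection with an explicit link user ID.
* CTGX, CTGEXCI and CTGLINK are placeholder names, not values from this page.
*
* ATTACHSEC(IDENTIFY) makes CICS use the user ID flowed with each request
* for user security, in addition to the link security check.
DEFINE CONNECTION(CTGX) GROUP(CTGEXCI)
       DESCRIPTION(EXCI generic connection for the Gateway daemon)
       ACCESSMETHOD(IRC) PROTOCOL(EXCI) CONNTYPE(GENERIC)
       ATTACHSEC(IDENTIFY)
*
* USERID on the SESSIONS definition replaces the default link user ID
* (the user ID under which the Gateway daemon runs). Permit CTGLINK only
* to the resources that may be reached over this connection.
DEFINE SESSIONS(CTGX) GROUP(CTGEXCI)
       CONNECTION(CTGX) PROTOCOL(EXCI)
       RECEIVEPFX(CG) RECEIVECOUNT(10)
       SENDSIZE(4096) RECEIVESIZE(4096)
       USERID(CTGLINK)
```

With link security in force, a request runs only if the link user ID is authorized to the resource as well as the flowed user, so CTGLINK caps what any user can reach through this connection.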
The client application is treated in the same way as a CICS server for MRO logon and connect (bind-time) security checking; when the client connects, the CICS interregion communication program (IRP) performs logon and bind-time security checks against the user ID under which the client is running.
A number of settings and security checks ensure validation of user IDs and passwords.
See also Configuring for client certificate mapping.
A user ID can also be obtained from a mapping of an SSL client certificate. For more information, see User authentication using SSL client certificates.