The CICS® Configuration Manager server can listen for clients on up to three TCP/IP ports,
each with a different level of security:
- Unauthenticated and unencrypted
- No client user ID or password required. Data is not encrypted.
- Authenticated and unencrypted
- Client user ID and password required. Data is not encrypted
- Authenticated and encrypted using SSL
- Client user ID and password required. Data is encrypted using the secure
sockets layer (SSL).
If the CICS region running the CICS Configuration Manager server is using full external security
(system initialization parameter SEC=YES), then:
- If a client connects via an unauthenticated port, the server uses the
authority of the CICS default user ID (system initialization parameter DFLTUSER)
to perform actions on behalf of the client.
Figure 1. Connecting via an unauthenticated port: access is authorized by the CICS default user ID (if SEC=YES)
CICSPlex SM: If the CICS Configuration Manager API command
involves calling the CICSPlex® SM API (for example, to update a resource definition
in a context), then this CICSPlex SM API call also relies on the authority
of the CICS default user ID. However, if the server CICS region specifies SEC=NO, then this CICSPlex SM API call relies on the authority of the CICS region user ID.
- If a client connects via an authenticated port (with or without SSL),
the server uses the authority of the client user ID.
Figure 2. Connecting via an authenticated port: access is authorized by the client
user ID
CICSPlex SM: If the CICS Configuration Manager API command
involves calling the CICSPlex SM API (for example, to update a resource definition
in a context), then this CICSPlex SM API call also relies on the authority
of the client user ID.
Instead of a password, the clients
supplied with CICS Configuration Manager use a PassTicket to authenticate the client user. For
more information about PassTickets, see z/OS®: Security Server RACF® Security Administrator's Guide.
The appropriate user ID must have the authority to use the CICS resources and
commands that the server requires to perform the action requested by the client.
For details, see CICS resources and commands used by the CICS Configuration Manager server.