CICS Transaction Server
for z/OS supports both sign-on capable and incapable terminals, provided
that they are at the prerequisite maintenance level. A terminal installation
request that does not specify any sign-on capability, for example
from CICS_EpiAddTerminal, results in a sign-on incapable terminal
being installed.
For sign-on capable terminals: - Use the CICS_EpiAddExTerminal call specifying a SignonCapability of
CICS_EPI_SIGNON_CAPABLE.
- You do not need to set the userid and password fields on the CICS_EpiAddExTerminal call
or use CICS_EpiSetSecurity, provided that you specify UseDfltUser
= Yes in the CICS® connection
definition on the server.
- A user ID and password entered through a sign-on transaction are
flowed to the server as part of the 3270 data stream and they are
in a client trace. Specify UseDfltUser = Yes in the CICS CONNECTION
definition, or ensure that the system administrator sets a default
connection user ID and password for the client. Otherwise, the add
terminal request might fail with an EPI_ERR_SECURITY return code.
The default user ID must have sufficient privileges to allow the CTIN
transaction to run.
- Before the user has signed on, transactions run under the default
user ID for the CICS server.
After sign-on, transactions run under the signed-on user ID.
For sign-on incapable terminals without terminal security: - Use the CICS_EpiAddTerminal call.
- A connection user ID and password are required regardless of the
setting of the UseDfltUser in the CICS connection
definition on the server.
- Transactions run under the user ID specified in the corresponding
function management header (FMH) attach request.
For sign-on incapable terminals with terminal security: - Use the EpiAddExTerminal call specifying a SignonCapability of
CICS_EPI_SIGNON_INCAPABLE.
- Set the userid and password fields on the CICS_EpiAddExTerminal call.
- Specify UseDfltUser = No in the CICS connection
definition on the server to enforce security.
- Use CICS_EpiSetSecurity in conjunction with CICS_VerifyPassword and CICS_ChangePassword to
change the security settings for an existing terminal.
- The user ID and password are flowed to the server in the FMH of
the attach request and are not in a client trace.
- Transactions run under the user ID specified in the corresponding
FMH attach request.
To use one of the APIs that does not support the extended EPI functionality,
use CRTE through a middle tier system to get sign-on capable terminal-like
functionality.