BSA TCP/IP server logon exit (B02UXSIN)

Overview

The logon exit of the BSA TCP/IP server must be activated to enable a check to be made on whether a specific user is allowed to log onto the z/OS system.

The exit must be used for all products except Beta 09 (VDF).

Activation

The exit is provided in source form in member B02UXSIN in the BSA.SAMPLIB.

To activate the exit:

  1. Assemble and link the exit into the BETA.APFLOAD used by the product.

    A sample compile job can be found in member BSTUXASM in the BSA.SAMPLIB. You can also use the tailored job in member G#02XSIN in the BSA.CNTL.

  2. Initialize the product with the exit (BnnINIT with BST01ARI).

Note: We recommend that you do not change the name B02UXSIN.

Application check support

You can specify that logon exit B02UXSIN is to check whether a user is authorized in RACF to use an application. As a minimum, the user must have access READ. To enable the application check, please do the following:

  1. In RACF, define the application in the RACF APPL facility class. The application name consists of the 3-character product ID (for example, B88, B92, B93, etc.) plus the 3‑character application ID (for example, WHD or BWE). For example, the application name checked for _beta access easy is B88WHD. For _beta view, it is B92BWE, B93BWE, etc.
  2. Delete string *APPL from the corresponding statements in exit B02UXSIN, i.e. activate the assembler commands in these statements.
  3. Recompile the exit into the BETA.APFLOAD used by the product (G#02XSIN in BSA.CNTL or BSTUXASM in BSA.SAMPLIB).

Passphrase support

You can specify that the logon exit B02UXSIN is to check passphrases as well as passwords. A passphrase can consist of 9 to 100 characters, and can be defined in addition to a password. To enable a check on passphrases, do the following:

  1. Delete string *PASS from the corresponding statements in the exit, i.e. activate the assembler commands in these statements.
  2. Recompile the exit into the BETA.APFLOAD used by the product (G#02XSIN in BSA.CNTL or BSTUXASM in BSA.SAMPLIB).

Please note that you can change an old password to a new password, or an old passphrase to a new passphrase, but you cannot change a password to a passphrase or a passphrase to a password.

Mixed case and special characters

The server logon exit B02UXSIN automatically checks the password handling defined in RACF. In accordance with the RACF settings, it activates/deactivates support of mixed-case passwords and special characters in passwords in the exit.

If you are using another security system, adjust the server logon exit manually if you need support for mixed-case passwords and special characters. For more information, see the comments in the source code of B02UXSIN, which is provided in the BSA.SAMPLIB.

For your changes to take effect, recompile the exit into the BETA.APFLOAD used by the product (G#02XSIN in BSA.CNTL or BSTUXASM in BSA.SAMPLIB).

Warning if exit is not installed

If the BSA TCP/IP server logon exit has not been installed, a warning message (9283W or 9284W or 8532W) is written to the operator console, but the user can continue working.

Product-specific exits

The BSA TCP/IP server logon exit can also call an additional product-specific logon exit. The name of the product-specific logon exit is specified in the LST parameter Bnn_TCPIP_LOGON_ EXIT or Bnn_TCPIP_LOGON_ EXIT_app.