CICS/VSE 2.3 External Security Interface: Prerequisites and Setup
CONNX for CICS/VSE 2.3 and below verifies CICS userid/password combinations via the program CNXSIGN, which invokes the CICS/VSE 2.3 External Security Program DFHXSP. The default DFHXSP program requires a terminal ID during userid/password verification. It first loads the CICS sign-on table (DFHSNT) and then optionally invokes the external security manager program DFHXSE. Both default programs can be replaced by user-written or third-party vendor-supplied versions, which must conform to the standard call/return parameter blocks.
For CICS 2.3 Coexistence Environments, the following steps are necessary to install the External Security Interface:
1. Rename the original program phases for DFHXSE and DFHXSSCO, and reassemble the versions in library.sublib PRD2.CICSOLDP
2. Define the program DFHXSSCO to CICS:
CEDA DEF PROG(DFHXSSCO) GROUP(VSESPO) LANG(ASS) RES(YES) RSL(PUBLIC)
3. Define a default DFHSNT (CICS Signon Table) entry
4. Code EXTSEC=YES in the CICS System Initialization Table (DFHSIT) source and reassemble
5. Restart CICS/VSE
Bypassing the CONNX CICS/VSE 2.3 External Security Interface:
By default, the CONNX CICS/VSE 2.3 userid/password verification logic invokes the External Interface program DFHXSP. This logic can be bypassed by setting CONNX environment variable CNXNOPREAUTHORIZE to 1:
nx01 cnxnopreauthorize 1
CAUTION:
When CNXNOPREAUTHORIZE is set to 1, userid/password verification is bypassed. This means that the CONNX TCP/IP Listener and Server programs inherit the security attributes of the CICS userid which starts the CONNX TCP/IP Listener transaction (NX00) via the NX01 START command. This setting can be used during initial installation and testing, but it is strongly recommended that userid/password checking be enabled for production installations.
Enabling the CONNX CICS/VSE 2.3 External Security Interface
To enable userid/password verification, delete the CNXNOPREAUTHORIZE environment variable via the NX01 transaction:
nx01 cnxnopreauthorize
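The following pre-production check is an added example, not part of the CONNX documentation. It parses DFHSIT assembler source (80-column records, continuation marked in column 72) to confirm the EXTSEC=YES setting from step 4, and flags CNXNOPREAUTHORIZE=1 as described in the CAUTION above. The sample source, the helper names and the dict used to hold the CONNX variables are assumptions made for illustration.

```python
import re

def rec(text, cont=False):
    """Build one 80-column record; a non-blank in column 72 marks continuation."""
    return text.ljust(71) + ("X" if cont else " ") + " " * 8

def sit_operands(source):
    """Return the keyword operands of the DFHSIT macro as a dict."""
    operands, continued, in_sit = [], False, False
    for raw in source.splitlines():
        line = raw.ljust(80)
        if not continued and line.startswith("*"):
            continue                          # full-line comment
        stmt = line[:71]
        if continued:
            field = stmt[15:].split()         # continuation starts in column 16
        else:
            tokens = stmt.split()
            if stmt[0] != " ":
                tokens = tokens[1:]           # drop the name (label) field
            in_sit = bool(tokens) and tokens[0] == "DFHSIT"
            field = tokens[1:]
        if in_sit and field:
            operands.append(field[0])         # text after the first blank is remarks
        continued = line[71] != " "
    return dict(re.findall(r"(\w+)=(\([^)]*\)|[^,]*)", "".join(operands)))

def audit(sit_source, connx_env):
    """List findings that leave CONNX userid/password verification ineffective."""
    findings = []
    extsec = sit_operands(sit_source).get("EXTSEC")
    if extsec != "YES":
        findings.append(f"DFHSIT: EXTSEC={extsec or '(not coded)'}, step 4 requires EXTSEC=YES")
    if connx_env.get("CNXNOPREAUTHORIZE") == "1":
        findings.append("CONNX: CNXNOPREAUTHORIZE=1, userid/password verification is bypassed")
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE_SIT = "\n".join([
    rec("* constructed sample SIT source"),
    rec("         DFHSIT TYPE=CSECT,", True),
    rec("               SUFFIX=SP,             two-character suffix", True),
    rec("               EXTSEC=NO,", True),
    rec("               GRPLIST=(VSELIST,USRLIST)"),
    rec("         END"),
])
SAMPLE_ENV = {"CNXNOPREAUTHORIZE": "1"}   # assumed: values copied by hand into a dict

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SIT, SAMPLE_ENV)))
```

Run against the sample, the check reports both findings; an empty result means EXTSEC=YES is coded and the bypass variable is not set to 1.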