CONNX TCP/IP Listener and Server Security

The CONNX TCP/IP CICS VSAM listener is invoked by the CONNX NX01 CICS transaction. When you log on to CICS and start the listener by entering

NX01 START

the CONNX NX01 transaction starts the NX00 CICS listener transaction (program CNXRUN). The CONNX CICS TCP/IP listener program waits for incoming connect requests from the CONNX PC clients. When a connect request is received, the listener program issues a START TRANSID for NXS0 (program CNXVSAM, the CONNX CICS/VSAM server). The CONNX CICS/VSAM server connects back to the invoking CONNX PC client on a new TCP/IP socket.

The security privileges of the CONNX listener derive from the user ID which invokes transaction NX01 (CNXCFG) to start transaction NX00 (CNXRUN). Program CNXRUN is a TCP/IP listener, which acts as a broker to start transaction/program NXS0/CNXVSAM. If the NX01 transaction is automatically started at CICS startup, the CONNX listener program (CNXRUN) inherits the security attributes of the CICS default user ID, as defined in the CICS System Initialization Table (SIT) or by the run-time DFLTUSER startup parameter.

When the CONNX PC user enters a user ID/password in the client logon dialog box, both values are encrypted and sent to the CONNX listener (CNXRUN). The CONNX listener decrypts the user ID and password; if the user ID and password are non-blank, the listener issues a CICS VERIFY PASSWORD command. If the command succeeds, the listener starts the NXS0 transaction with the decrypted user ID as the USERID parameter. If the user ID sent from the CONNX client is non-blank and different from the user ID which started the NX01 and NX00 transactions, the initial (NX01/NX00) user ID must have surrogate user ID privileges to start the NXS0 transaction. If the surrogate user ID privilege is not defined, CICS returns a NOTAUTH (not authorized) condition, and the CONNX server is not started. If the initial user ID and the user ID sent by the client match, the surrogate user ID privilege requirement is met, since all CICS user IDs are surrogates of themselves.
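As an added illustration (not CONNX or IBM code), the following Python models the decision described above: blank logon credentials, VERIFY PASSWORD, and the surrogate check between the listener's user ID (userid2) and the client-supplied user ID (userid1), plus an audit helper listing every user ID a given listener user could start NXS0 under. The surrogate table, user IDs and passwords are constructed sample data, and the model assumes that a blank logon starts NXS0 without USERID, so the server runs under the listener's own user ID.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data standing in for RACF definitions and VERIFY PASSWORD.
# Maps a user ID to the user IDs it holds surrogate authority for; every user
# is implicitly its own surrogate, which is_surrogate() handles.
SURROGATE_TABLE = {
    "CNXLSTN": {"ALICE"},   # the ID that starts NX01/NX00 may act for ALICE
    "CICSUSER": set(),      # a default user with no surrogate grants
}
PASSWORDS = {"ALICE": "s3cret", "BOB": "pa55word"}   # constructed store


@dataclass(frozen=True)
class Outcome:
    started: bool                    # was NXS0 (CNXVSAM) started?
    effective_userid: Optional[str]  # user ID the server runs under
    reason: str


def verify_password(userid: str, password: str) -> bool:
    """Stand-in for the CICS VERIFY PASSWORD command (constructed store)."""
    return PASSWORDS.get(userid) == password


def is_surrogate(userid2: str, userid1: str) -> bool:
    """Surrogate check: may userid2 start a transaction under userid1?"""
    return userid2 == userid1 or userid1 in SURROGATE_TABLE.get(userid2, set())


def start_server(listener_userid: str, client_userid: str, client_password: str) -> Outcome:
    """Model the listener's decision for one client logon.
    listener_userid is the ID that ran NX01/NX00 (IBM's userid2);
    client_userid is the decrypted ID sent by the PC client (userid1).
    """
    if not client_userid.strip() or not client_password.strip():
        # Assumed: blank credentials mean START without USERID, so no
        # surrogate check and the server inherits the listener's authority.
        return Outcome(True, listener_userid, "USERID omitted; inherits listener user ID")
    if not verify_password(client_userid, client_password):
        return Outcome(False, None, "VERIFY PASSWORD failed")
    if not is_surrogate(listener_userid, client_userid):
        return Outcome(False, None, "NOTAUTH: listener user ID is not a surrogate")
    return Outcome(True, client_userid, "NXS0 started under client user ID")


def surrogate_targets(listener_userid: str) -> set:
    """Audit helper: every user ID this listener could start NXS0 under."""
    return {listener_userid} | SURROGATE_TABLE.get(listener_userid, set())
```

Running surrogate_targets against the user ID that actually starts NX01 (the DFLTUSER when the transaction is auto-started) shows at a glance which client identities that listener can broker servers for.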

To invoke the CONNX TCP/IP CICS VSAM Listener

  1. Log on to CICS. (See Step 5 in the CONNX Installation Guide.)

  2. Start the listener by typing

    NX01 START

  3. The CONNX NX01 transaction starts the NX00 CICS listener transaction (program CNXRUN).


A description of the user ID and terminal ID is excerpted from the following CICS document:

Title: CICS Application Programming Reference

Document Number: SC33-1688-31

Build Date: 01/18/00 11:28:00 Build Version: 1.3.0

The excerpt included below is from IBM documentation:

"USERID (data-value)

Specifies the userid under whose authority the started transaction is to run, if the started transaction is not associated with a terminal (that is, when TERMID is not specified). This is referred to as userid1.

If you omit both TERMID and USERID, CICS uses instead the user ID under which the transaction that issues the START command is running. This is referred to as userid2.

By using either userid1 or userid2, CICS ensures that a started transaction always runs under a valid user ID, which must be authorized to all the resources referenced by the started transaction.

CICS performs a surrogate security check against userid2 to verify that this user is authorized to userid1. If userid2 is not authorized, CICS returns a NOTAUTH condition. The surrogate check is not done here if USERID is omitted."

Further information on CICS Security is available in:

Title: CICS RACF Security Guide

Document Number: SC33-1701-32

Build Date: 06/23/00 12:52:23 Build Version: 1.3.0

For information on the CICS VERIFY PASSWORD command, refer to the IBM documentation.