CONNX TCP/IP Listener and Server Security
The CONNX TCP/IP CICS VSAM listener is invoked by the CONNX NX01 CICS transaction. When you log on to CICS and start the listener by entering NX01 START, the CONNX NX01 transaction starts the NX00 CICS listener transaction (program CNXRUN). The CONNX CICS TCP/IP listener program waits for incoming connect requests from the CONNX PC clients. When a connect request is received, the listener program issues a START TRANSID for NXS0 (program CNXVSAM, the CONNX CICS/VSAM server). The CONNX CICS/VSAM server connects back to the invoking CONNX PC client on a new TCP/IP socket.
The security privileges of the CONNX listener derive from the user ID that invokes transaction NX01 (CNXCFG) to start transaction NX00 (CNXRUN). The program CNXRUN is a TCP/IP listener, which acts as a broker to start transaction/program NXS0/CNXVSAM. If the NX01 transaction is automatically started at CICS startup, the CONNX listener program (CNXRUN) inherits the security attributes of the CICS default user ID, as defined in the CICS System Initialization Table (SIT), or by the run-time DFLTUSER startup parameter.
When the CONNX PC user enters a user ID and password in the client logon dialog box, both values are encrypted and sent to the CONNX Listener (CNXRUN). The CONNX Listener decrypts the user ID and password; if the user ID and password are non-blank, the listener issues a CICS VERIFY PASSWORD command. If the command succeeds, the listener starts the NXS0 transaction with the decrypted USER ID parameter.
If the user ID sent from the CONNX client is non-blank and different from the user ID that started the NX01 and NX00 transactions, the initial (NX01/NX00) user ID must have surrogate user ID privileges to start the NXS0 transaction. If the surrogate user ID privilege is not defined, CICS returns a NOTAUTH (not authorized) condition, and the CONNX server is not started. If the initial user ID and the user ID sent by the client match, the surrogate user ID privilege requirement is met, since all CICS user IDs are surrogates of themselves.
You can refer to the IBM CICS documentation for more information about USERID or the CICS VERIFY PASSWORD command.
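The surrogate user ID privilege described above, shown as an added example that is not part of the CONNX documentation. It assumes RACF is the external security manager and that CICS surrogate checking is enabled (SIT parameter XUSER=YES); CNXLSNR (the user ID that starts NX01/NX00) and APPUSR1 (a user ID sent by a CONNX client) are constructed placeholders.

```tso
/* Assumed setup: RACF, SURROGAT class active, XUSER=YES in the SIT.  */
/* CNXLSNR and APPUSR1 are constructed placeholder user IDs.          */

/* Profile covering START requests that run under APPUSR1             */
RDEFINE SURROGAT APPUSR1.DFHSTART UACC(NONE) OWNER(APPUSR1)

/* Let the listener user ID act as surrogate for APPUSR1 only         */
PERMIT APPUSR1.DFHSTART CLASS(SURROGAT) ID(CNXLSNR) ACCESS(READ)

/* Refresh in-storage profiles (SURROGAT assumed to be RACLISTed)     */
SETROPTS RACLIST(SURROGAT) REFRESH

/* Review which user IDs may start work as APPUSR1                    */
RLIST SURROGAT APPUSR1.DFHSTART AUTHUSER

/* Avoid a generic *.DFHSTART profile permitted to CNXLSNR: it would  */
/* make the listener user ID a surrogate of every user ID.            */
```

Without the PERMIT, a logon as APPUSR1 passes VERIFY PASSWORD but the START of NXS0 fails with the NOTAUTH condition described above.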