These servers support both sign-on capable and incapable terminals, provided
that they are at the prerequisite maintenance level. A terminal install request
that does not specify any sign-on capability, for example from CICS_EpiAddTerminal, results in a sign-on incapable terminal being installed.
For sign-on capable terminals:
- Use the CICS_EpiAddExTerminal call specifying a SignonCapability of CICS_EPI_SIGNON_CAPABLE.
- You do not need to set the userid and password fields on the CICS_EpiAddExTerminal call or use CICS_EpiSetSecurity, provided that you specify UseDfltUser = Yes in
the CICS® connection definition on the server.
- A userid and password entered through a sign-on transaction are flowed
to the server as part of the 3270 data stream and they will therefore appear
in a client trace.
Specify UseDfltUser = Yes in the CICS CONNECTION
definition, or ensure that the system administrator sets a default connection
userid and password for the client. Otherwise, the add terminal request might
fail with an EPI_ERR_SECURITY return code. The default user ID must have sufficient
privileges to allow the CTIN transaction to run.
- Before the user has signed on, transactions run under the default userid
for the CICS server. After sign-on, transactions run under the signed-on
userid.
For sign-on incapable terminals without terminal security:
- Use the CICS_EpiAddTerminal call
- A connection userid and password are required regardless of the setting
of the UseDfltUser in the CICS connection definition
on the server.
- Transactions run under the userid specified in the corresponding FMH attach
request.
For sign-on incapable terminals with terminal security:
- Use the EpiAddExTerminal call specifying a SignonCapability of CICS_EPI_SIGNON_INCAPABLE.
- Set the userid and password fields on the CICS_EpiAddExTerminal call.
- Specify UseDfltUser = No in the CICS connection
definition on the server to enforce security.
- Use CICS_EpiSetSecurity in conjunction with CICS_VerifyPassword and CICS_ChangePassword to change the security settings for an existing terminal.
- The userid and password are flowed to the server in the FMH of the attach
request and will not appear in a client trace.
- Transactions will run under the userid specified in the corresponding
FMH attach request.
To use one of the APIs that does not support the extended EPI functionality,
use CRTE through a middle tier system to get sign-on capable terminal-like
functionality.