Client security overview

CICS® servers might require the Client daemon to supply a user ID and password before they permit the following: This depends on the server and protocol security settings. The user ID and password are sent to the server of the transaction attach request for each conversation. A user ID and password are also required when a sign-on transaction is invoked on a sign-on capable terminal. In this instance, the user ID and password are flowed to the server as part of the 3270 data stream.

User IDs and passwords must not contain DBCS characters.

If no user ID is passed by a CICS Universal Client user application, and no default is set by the CICS Universal Client, the transaction is run using the mainframe CICS server's default user ID and password if the Usedfltuser parameter on the CICS server connection definition is set to Yes. If this parameter is set to No, security is enforced by the host CICS server and a user ID and password will need to be supplied. In each case, transactions execute in the server with the authorities assigned to the user ID authenticated.

Because the Client daemon has no security manager, it does not support user ID authentication. Configure your CICS server client connections so that incoming attach requests must specify a user ID and password. For mainframe servers, specify AttachSec = Verify in the CICS connection definition. AttachSec = Identify, which indicates that a user ID, but not password, is required, is not supported for client connections.