Users can explicitly sign on either by using the CICS-supplied transaction, CESN, which can be defined as the “good morning” transaction on the GMTRAN system initialization parameter; or by using an installation-provided sign on transaction which uses the SIGNON command. OIDCARD users can use CESN to sign on if the card reader supports the DFHOPID identifier (AID). If it does not, use your own installation-provided sign-on transaction. When a user signs on to CICS, the sign-on process involves the following phases:
Immediately following the request to RACF for userid and password verification, CICS clears the internal password field. This minimizes the possibility of the password being revealed in any dump of the CICS address space that may be taken.
You may also voluntarily change your password by entering a new value.
Sign-on for CICS APPLID CICSA100 . . . . . . This is where the good morning message appears. . . . . . . . . . . . . It can be up to four lines in depth . . . . . . . . . . . . . . . . . . to contain the maximum message length . . . . . . . . . . . . . . . . . of 246 characters . . . . . . . . . . . . . . . . . . . . . Type your userid and password, then press ENTER: Userid . . . . ________ Groupid . . . ________ Password . . . ________ Language . . . ___ New Password . . . ________ DFHCE3520 Please type your userid. F3=Exit
With the port of entry check, RACF verifies that the user is authorized to sign on using that port of entry. The use of defined terminals can be restricted to certain times of the day, and to certain days of the week. See Controlling access to CICS from specific ports of entry.
These checks restrict the user to signing on only to those CICS regions for which they are authorized, and only from terminals they are authorized to use.
Explicit sign-on, with the CESN transaction, or the SIGNON command, is performed by the user at the port of entry.
Phase | Explicit | Implicit |
---|---|---|
Scoping | Yes | No |
Identification | Yes | Yes |
Verification | Yes | No except with ATTACHSEC(IDENTIFY) |
Authorization | Yes | Yes |