Installing an External Password Security System

In FOCUS you can write your own security interface.

The FOCUS password (normally set by the FOCUS command SET PASS) can also be set automatically by an external security system such as RACF, CA-ACF2 or CA-TOP SECRET. Passwords issued this way are set when FOCUS is first entered and may be permanent (not overridable by subsequent SET USER, PASS or -PASS commands) or they can be defaults and may be subsequently overridden. They can be permanent for some users, defaults for other users, or not set at all for yet other users. The advantage of setting FOCUS passwords externally is that the password need not be known by the user and does not have to be prompted for or be embedded in a PROFILE FOCEXEC or in an encrypted FOCEXEC.

The FOCUS passwords set this way must, of course, match the FOCUS password in the Master Files of the data sources being accessed.

The FOCUS password is set by a CSECT in FOCUS called FOCUSID, which is a dummy in the distributed version of FOCUS. In all cases, the FOCUS password is inferred from your FOCUSID code. The function of the FOCUSID CSECT is to provide FOCUS with an overridable or non-overridable FOCUS password.

Note: Any external exits used must be compatible and available for use by FOCUS; otherwise, unpredictable results may occur.


FOCUSID Calling Sequence
CALL FOCUSID(ENV,REG1,FOCID,LOGID,RC)

where:

FOCUSID

Is a fullword binary integer.

ENV

Is the environment from which the call is made. Possible values are:

0 CMS

1 TSO

2 MVS batch job

3 CICS

4 open

5 IMS/DC MP region

6 IMS/DC BMP region

REG1

Is a fullword binary integer. (MVS only.) Register 1 as passed to FOCUS. Useful only when it points at an IMS PSB.

FOCID

Is an 8-byte FOCUS password returned by FOCUSID. Left-justified, trailing blanks. Upper-case printable EBCDIC characters only. Leading and embedded blanks respected. Trailing blanks ignored. The last non-blank character of FOCID determines whether the FOCID is overridable:

If the last non-blank character of FOCID is a period (.), or if the eighth character is not a blank, then the FOCUS password is not overridable. If the last non-blank character is not a period and the password is less than eight characters, then the password may be overridden using standard PASS, -PASS or SET PASS commands.

The FOCID returned, less the period if any, is set as the user's FOCUS password. The FOCUS password must match the USER = declarations stored in the appropriate Master Files.

LOGID

Is an 8-character fullword binary integer that is not used at present.

RC

Is the return code posted by FOCUSID. Possible return codes are:

0 FOCID and LOGID posted by FOCUSID.

4 External Security System not installed.

8 No FOCID field (FOCUS Password) for this user.

16 Fatal error in FOCUSID (FOCUS exits via BDEXIT).

Note that the FOCUS password will not be set if RC is non-zero.
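
The FOCID and RC rules above, as an added example (not Information Builders code): a Python check for the 8 bytes a site-written FOCUSID exit returns, reporting the password FOCUS would set and whether the user can override it. The function name interpret_focid, the cp037 code page, and treating an empty password with RC 0 as an error are assumptions.

```python
# Added example: applies the FOCID/RC rules from this page to the 8 bytes
# returned by a FOCUSID exit. Not vendor code.
EBCDIC = "cp037"  # assumption: the page says "EBCDIC" without naming a code page


def interpret_focid(focid: bytes, rc: int):
    """Return (password, overridable), or None when FOCUS sets no password."""
    if rc != 0:
        return None  # RC 4, 8 or 16: the FOCUS password is not set
    if len(focid) != 8:
        raise ValueError("FOCID must be exactly 8 bytes")
    text = focid.decode(EBCDIC)
    for ch in text:
        # Upper-case printable characters only; blanks are allowed.
        if not ch.isprintable() or ch.islower():
            raise ValueError(f"invalid FOCID character {ch!r}")
    body = text.rstrip(" ")  # trailing blanks ignored, leading/embedded kept
    # Not overridable: last non-blank character is a period, or byte 8 is in use.
    locked = body.endswith(".") or text[7] != " "
    password = body[:-1] if body.endswith(".") else body
    if not password:
        # Assumption: an empty password with RC 0 is treated as an exit bug.
        raise ValueError("RC is 0 but FOCID holds no password")
    return password, not locked


if __name__ == "__main__":
    # Constructed sample values, not real passwords.
    for sample in ("PAYROLL ", "PAYROLL.", "HR.     ", "ABCDEFGH", " AB C   "):
        print(repr(sample), interpret_focid(sample.encode(EBCDIC), rc=0))
```

A consequence of the rule worth checking in any exit: an overridable default can be at most seven characters, because a FOCID that fills all eight bytes is always treated as permanent.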


Top of page

x
FOCUSID Installation
  1. Write and compile/assemble your FOCUSID code. It must have an entry point named FOCUSID, and the compiler/assembler output must be named FOCUSID TEXT.
  2. Make a copy of the dummy exit-calling routine by entering the following command:
    COPYFILE FOCUSID TEXT A FOCUSID SHIPTEXT A ( REPLACE OLDDATE
  3. Move your working version of FOCUSID TEXT to A disk.
  4. Generate FOCUS using the GENFS EXEC.

If you decide at some point that you no longer want to use the security interface, issue the following command and regenerate FOCUS:

COPYFILE FOCUSID SHIPTEXT A FOCUSID TEXT A ( REPLACE OLDDATE

This will replace the active FOCUSID code with the dummy interface.

Note: If your FOCUSID program (together with all of the programs it calls) is fairly large, you may have to increase the size of the non-shared part of the FOCUS NSS.


Information Builders