User-Coded Password Security Interface

The FOCUS password (normally set by the FOCUS command SET PASS) can also be set automatically by an external security system such as RACF, CA-ACF2 or CA-Top Secret®. Passwords issued this way are set when FOCUS is first entered and may be permanent (that is, not overridable by subsequent SET USER, SET PASS or -PASS commands) or they may be defaults that can subsequently be overridden. They can be permanent for some users, defaults for others, or not set at all for still others. The advantage of setting FOCUS passwords externally is that they need not be known to the user and, therefore, do not have to be prompted for or embedded in a PROFILE FOCEXEC or in an encrypted FOCEXEC.

FOCUS passwords set this way must match the FOCUS password in the Master Files of the data sources being accessed.

The FOCUS password is set by a CSECT in FOCUS called FOCUSID, which is a dummy in the distributed version of FOCUS. The CA-ACF2 Interface is a working version of this routine, supplied by Computer Associates. Functionally equivalent versions can be written for RACF and for other security systems. In all cases, the FOCUS password is inferred from the FOCUSID code. The function of the FOCUSID CSECT is to provide FOCUS with an overridable or non-overridable FOCUS password. The FOCUSID user exit is supported in the TSO and batch environments.

System administrators can use the exit to restrict access to data sets by causing FOCUS to be entered using an inferred user ID. The installation and use of the external password security exit for CA-ACF2 is documented in Interface Installation.


Reference: FOCUSID Calling Sequence
CALL FOCUSID(ENV,REG1,FOCID,LOGID,RC)

where:

ENV

Input

Fullword binary integer.

Environment from which call is made.

0 CMS

1 TSO

2 z/OS batch job

3 CICS

4 open

REG1

Input

Fullword binary integer.

Register 1 as passed to FOCUS.

Useful only when it points at an IMS PSB.

FOCID

Output

8 characters. 8-byte FOCUS password returned by FOCUSID. Left-justified, trailing blanks. Upper-case printable EBCDIC characters only. Leading and embedded blanks respected. Trailing blanks ignored. The last non-blank character of FOCID determines whether the FOCID is overridable.

If the last non-blank character of FOCID is a period (.), or if the eighth character is not a blank, then the FOCUS password is not overridable. If the last non-blank character is not a period and the password is shorter than eight characters, the password may be overridden using the standard PASS, -PASS or SET PASS commands.

The FOCID returned, less the period if any, is set as the user's FOCUS password. The FOCUS password must match the USER= declarations stored in the appropriate Master Files.

LOGID

Output

8 characters.

Not used at present.

RC

Output

Fullword binary integer.

Return code posted by FOCUSID.

0 FOCID and LOGID posted by FOCUSID.

4 External Security System not installed.

8 No FOCID field (FOCUS Password) for this user.

16 Fatal error in FOCUSID (FOCUS exits via BDEXIT).

Note: The FOCUS password will not be set if RC is non-zero.
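
The FOCID and RC rules above, modelled as an added C example (not code from FOCUS or from the CA-ACF2 Interface). It shows how a value returned by a FOCUSID exit is interpreted under the documented rules, which is useful for checking an exit's output before link-editing it. It assumes ASCII in place of EBCDIC; `interpret_focid`, `struct focid_result` and the sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define FOCID_LEN 8   /* FOCID is a fixed 8-byte field, blank padded, no NUL */

struct focid_result {
    int  password_set;             /* 0 when RC is non-zero */
    int  overridable;              /* 1 if PASS, -PASS or SET PASS can replace it */
    char password[FOCID_LEN + 1];  /* NUL-terminated copy, for display only */
};

/* Interpret one FOCUSID result. Characters are ASCII here (assumption);
   the real field holds upper-case printable EBCDIC. */
struct focid_result interpret_focid(const char focid[FOCID_LEN], int rc)
{
    struct focid_result r = {0};
    if (rc != 0)
        return r;                  /* RC 4, 8 or 16: no password is set */
    int len = FOCID_LEN;
    while (len > 0 && focid[len - 1] == ' ')
        len--;                     /* trailing blanks are ignored */
    if (len == 0)
        return r;                  /* assumption: an all-blank field sets nothing */
    int period = (focid[len - 1] == '.');
    /* Not overridable if it ends in a period or fills all eight bytes. */
    r.overridable = !(period || len == FOCID_LEN);
    if (period)
        len--;                     /* the password is the FOCID less the period */
    memcpy(r.password, focid, (size_t)len);
    r.password_set = 1;
    return r;
}

int main(void)
{
    /* Constructed sample values, not real passwords. */
    const char *samples[] = { "PAYROLL ", "PAYROLL.", "AUDIT.  ", "ABCDEFGH", " A B    " };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct focid_result r = interpret_focid(samples[i], 0);
        printf("[%.8s] -> [%s] %s\n", samples[i], r.password,
               r.overridable ? "overridable" : "not overridable");
    }
    return 0;
}
```

Note that an exit returning a full eight-character value makes the password permanent even without a trailing period, so a default that users are meant to override must be seven characters or fewer.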


Installing the FOCUSID User Exit

The object code of FOCUSID, plus any other object code that it calls, is link-edited into load module CORFOC with the JCL that follows. The new FOCUSID module will replace the dummy version in the distributed FOCUS load module. The steps for installing your password exit are as follows:

  1. Write your FOCUSID code, then compile and link-edit it.
  2. Change the FOCUSID DD statement in FOCCTL.DATA(JCLACF21) to point to your new FOCUSID module.
  3. Continue editing JCLACF21 according to the steps given for the FOCUS/CA-ACF2 Interface. After editing the JCL according to your installation's specifications, submit the job, which creates the module FOCUSID and links the password interface modules into FOCUS. The JCL for installing your interface, which is found in FOCCTL.DATA(JCLACF21), is as follows:
    //LINK1 EXEC  PGM=IEWL,PARM='LET,NCAL,LIST,SIZE=1024K'
    //SYSPRINT DD SYSOUT=*
    //SYSUT1   DD UNIT=SYSDA,SPACE=(CYL,(10,1))
    //OLDMOD   DD DSN=prefix.FOCLIB.LOAD,DISP=SHR
    //FOCUSID  DD DSN=user.compiled.focusid,DISP=SHR
    //MAINTAIN DD DSN=prefix.FOCCTL.DATA,DISP=SHR
    //SYSLMOD  DD DSN=prefix.TEST.FOCLIB.LOAD,DISP=SHR
    //SYSLIN   DD *
     MODE AMODE(31),RMODE(ANY)
     INCLUDE FOCUSID                  <---- FOCUSID CODE
     INCLUDE MAINTAIN(ACFINT1)        <---- MODE-SWITCHING CODE
     ENTRY ACFINT1                    <---- CNTL STATEMENT
     NAME FOCUSID(R)                  <---- NEW MODULE
     INCLUDE MAINTAIN(ACFINT0,ACFID)  <---- ACTIVATION PROGRAMS
     INCLUDE OLDMOD(CORFOC)           <---- MODULE TO BE CHANGED
     INCLUDE MAINTAIN(CORFOC)         <---- CNTL STATEMENTS
     NAME FOCUS(R)                    <---- NEW MODULE
    /*

Information Builders