User-Coded Password Security Interface

The FOCUS password (normally set by the FOCUS command SET PASS) can also be set automatically by an external security system such as RACF, CA-ACF2 or CA-Top Secret®. Passwords issued this way are set when FOCUS is first entered and may be permanent (that is, not overridable by subsequent SET USER, SET PASS or -PASS commands) or they may be defaults that can subsequently be overridden. They can be permanent for some users, defaults for others, or not set at all for still others. The advantage of setting FOCUS passwords externally is that they need not be known to the user and, therefore, do not have to be prompted for or embedded in a PROFILE FOCEXEC or in an encrypted FOCEXEC.

FOCUS passwords set this way must match the FOCUS password in the Master Files of the data sources being accessed.

The FOCUS password is set by a CSECT in FOCUS called FOCUSID, which is a dummy in the distributed version of FOCUS. The CA-ACF2 Interface is a working version of this routine, supplied by Computer Associates. Functionally equivalent versions can be written for RACF (using the z/OS RACROUTE macro) and for other security systems. In all cases, the FOCUS password is inferred from the FOCUSID code. The function of the FOCUSID CSECT is to provide FOCUS with an overridable or non-overridable FOCUS password. The FOCUSID user exit is supported in the TSO and batch environments.

System administrators can use the exit to restrict access to data sets by causing FOCUS to be entered using an inferred user ID. The installation and use of the external password security exit for CA-ACF2 is documented in Interface Installation.


Reference: FOCUSID Calling Sequence
CALL FOCUSID(ENV,REG1,FOCID,LOGID,RC)

where:

ENV

Input

Fullword binary integer.

Environment from which call is made.

0 CMS

1 TSO

2 z/OS batch job

3 CICS

4 open

REG1

Input

Fullword binary integer.

Register 1 as passed to FOCUS.

Useful only when it points at an IMS PSB.

FOCID

Output

8 characters. 8-byte FOCUS password returned by FOCUSID. Left-justified, trailing blanks. Upper-case printable EBCDIC characters only. Leading and embedded blanks respected. Trailing blanks ignored. The last non-blank character of FOCID determines whether the FOCID is overridable.

If the last non-blank character of FOCID is a period (.), or if the eighth character is not a blank, then the FOCUS password is not overridable. If the last non-blank character is not a period and the password is shorter than eight characters, then the password may be overridden using the standard PASS, -PASS or SET PASS commands.

The FOCID returned, less the period if any, is set as the user's FOCUS password. The FOCUS password must match the USER= declarations stored in the appropriate Master Files.

LOGID

Output

8 characters.

Not used at present.

RC

Output

Fullword binary integer.

Return code posted by FOCUSID.

0 FOCID and LOGID posted by FOCUSID.

4 External Security System not installed.

8 No FOCID field (FOCUS Password) for this user.

16 Fatal error in FOCUSID (FOCUS exits via BDEXIT).

Note: The FOCUS password will not be set if RC is non-zero.
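The FOCID rules above can be checked against the 8-byte field that a candidate exit returns before it is link-edited into FOCUS. The following Python model is an added example, not Information Builders code. The function names, the cp037 code page, and the handling of an all-blank field are assumptions, and the sample fields are constructed.

```python
from typing import NamedTuple, Optional

EBCDIC = "cp037"  # assumption: US EBCDIC code page for the constructed samples


class FocusPassword(NamedTuple):
    password: str      # value FOCUS would use, with any final period removed
    overridable: bool  # True if PASS, -PASS or SET PASS may replace it


def interpret_focid(focid: bytes, rc: int) -> Optional[FocusPassword]:
    """Apply the documented FOCID rules to the field posted by an exit."""
    if rc != 0:
        return None  # documented: password is not set when RC is non-zero
    if len(focid) != 8:
        raise ValueError("FOCID must be exactly 8 bytes")
    text = focid.decode(EBCDIC)
    value = text.rstrip(" ")  # trailing blanks ignored, leading/embedded kept
    if not value:
        return None  # assumption: an all-blank FOCID is treated as not set
    for ch in value:
        if not ch.isprintable() or ch != ch.upper():
            raise ValueError(f"FOCID character not upper-case printable: {ch!r}")
    ends_with_period = value.endswith(".")
    eighth_used = text[7] != " "
    overridable = not (ends_with_period or eighth_used)
    if ends_with_period:
        value = value[:-1]  # the period is a flag, not part of the password
    return FocusPassword(value, overridable)


def ebcdic_field(s: str) -> bytes:
    """Build a constructed 8-byte, blank-padded EBCDIC field."""
    return s.ljust(8).encode(EBCDIC)


if __name__ == "__main__":
    # Constructed sample values, not real passwords.
    for sample in ("PAYROLL", "PAY.", "ABCDEFGH", "ABCDEFG.", " A B"):
        print(repr(sample), interpret_focid(ebcdic_field(sample), 0))
    print("RC=8", interpret_focid(ebcdic_field("PAY"), 8))
```

An exit that intends to return a default but fills all eight bytes will produce a permanent password, which is the case this check makes visible.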


Installing the FOCUSID User Exit

The object code of FOCUSID, plus any other object code that it calls, is link-edited into load module CORFOC with the JCL that follows. The new FOCUSID module will replace the dummy version in the distributed FOCUS load module. The steps for installing your password exit are as follows:

  1. Write your FOCUSID code, compile and link-edit it.
  2. Edit the FOCUSID DD statement in the following JCL to point to your new FOCUSID module.
  3. After editing the following JCL according to the specifications of your installation, submit the job, which creates the module FOCUSID and links the password interface modules into FOCUS. The JCL for installing your interface is found in F.HOME.DATA(FOCUSIDJ); F.HOME.DATA is the alias of FOCCTL.DATA.

The following is JCL for compiling and linking the FOCUSID module with CA-ACF2 External Security Manager (ESM):

//Add  JOB card here                                        
//******************************************************************** 
//* Update the 'installed_hlq' variable to the high-level qualifier 
//* you used during ISETUP installation  
//* Update the dsn_load variable to the fully-qualified name of
//* your test load library.
//* Note that the dsn_load value should not be in quotes.
//********************************************************************          
//SETS     SET SOURCE='installed_hlq.F.HOME.DATA(FOCUSIDJ)'
//*     Note: The F.HOME.DATA library is the alias of FOCCTL.DATA
//      SET LOADLIB=dsn_load                                                 
//********************************************************************          
//* Compile  for  ASSEMBLER (ASMA90) ...                                                                 
//********************************************************************          
//ASSEMBLR EXEC PGM=ASMA90,                                                     
// PARM='NODECK,OBJECT,LIST,XREF(SHORT)'
//SYSIN    DD  DISP=SHR,DSN=&SOURCE
//SYSLIB   DD  DISP=SHR,DSN=SYS1.MACLIB                               
//         DD  DISP=SHR,DSN=SYS1.MODGEN                               
//SYSTERM  DD  SYSOUT=*                                               
//SYSPUNCH DD  DUMMY                                                  
//SYSLIN   DD  DSN=&&LOADSET,DISP=(,PASS),UNIT=SYSDA,                 
//             SPACE=(CYL,(1,1)),                                     
//             DCB=(RECFM=FB,LRECL=80,BLKSIZE=3200)                   
//SYSPRINT DD  SYSOUT=*                                               
//SYSOUT   DD  SYSOUT=*                                               
//SYSCPRT  DD  SYSOUT=*                                               
//SYSUT1   DD  SPACE=(CYL,(1,1)),UNIT=SYSDA                           
//********************************************************************
//* Link ... if compile RC <= 4                                       
//********************************************************************
//LKED     EXEC PGM=LINKEDIT,PARM='RENT,REUS,XREF',COND=(4,LT)
//SYSLMOD  DD  DISP=SHR,DSN=&LOADLIB(FOCUSID)
//OBJECT   DD  DSN=&&LOADSET,DISP=(OLD,DELETE)                     
//SYSPRINT DD  SYSOUT=*                                           
//SYSUT1   DD  SPACE=(CYL,(1,1)),UNIT=SYSDA                        
//SYSLIN   DD  *                                                   
  INCLUDE OBJECT                                                   
  MODE    AMODE(31),RMODE(ANY)                                      
  ENTRY   FOCUSID                                                   
/*                                                        

Information Builders