Use the OPTIONS control option to replace several fixes in releases of CA Top Secret prior to r1.4. Any combination of the below options can be set by using the appropriate numbers as indicated.
This control option has the following format:
OPTIONS ({n,n,})
Where n represents any of the following numbers:
Enable APPCONN security. Turn on the optional APPCCONN security calls.
Do not audit CP commands. Do not cut an AUDIT Record for any CP commands unless a violation has taken place or the CP command is added to the AUDIT Record.
Do not audit DIAGNOSE checks. Do cut an AUDIT Record for any CP DIAGNOSE unless a violation has taken place or the CP DIAGNOSE is added to the AUDIT Record.
Enable IUCV security calls. Turn on the optional IUCV security calls.
Allow ' ' as VMMDISK character and not as a mask. Allow the administrator to use the character ' ' as data in a VMMDISK permit and do not treat it as a masking character.
Disable CPF old password reverification. When CPF routes automatically a changed password, the old password must match on the target node before the new password will replace it. This optional removes that matching requirement and causes this system to accept the password change.
User message modifications. Allow installation to optionally change the text of the TSS0100A, TSS0101A, TSS0102A, TSS0115E, and TSS0120A messages.
Notes:
Do not reset VMDALTID to ACID=. Normally a logon with ACID= has the VMDALTID replaced by the ACID name. This meant that the origninID of a spooled file would show the ACID and not the machine to which it was logged on. This optional prevents that replacement.
Save ACI groupname in VMDUSER7 8. Clients running product VSEG must use this control option to store the directory groupname into VMDUSER7 8 fields for that product's use.
TSS0540I displays comments. Normally TSSCRIPT clears comments from input prior to printing. This optional prints the comments from the card also.
VFORCE support. This optional is required if you are using the product VFORCE.
Allow '+' as SFS FILE character and not as a mask. Allow the administrator to use the character '+' as data in an SFS FILE permit and do not treat it as a masking character.
Display IP address as terminal address. If a user logs on through TCP/IP, show the IP address as the terminal address in TSSUTIL reports and TSS WHOAMI output. The IP address will be displayed as an 8 character hex field. If OPTIONS(13) is not set, then the logical device address (LDEVnnnn) will display as the terminal address.
Audit all activity at an audited terminal. If a terminal is being audited, audit all activity that takes place during the logon session at that terminal. If OPTIONS(14) is not set, then only the access of the terminal itself (but no subsequent activity) is audited.
Enforce CA Top Secret password for APPC logon. By setting OPTIONS(15) all APPC logons use the CA Top Secret password instead of the directory password. This setting is a subset of OPTIONS(1).
Include Scandinavian letters with NEWPW(FA) option. By default, the control option NEWPW(FA) forces a new password to contain one of the 26 letters in the English alphabet. Setting OPTIONS(16) expands the letters to include the letters in the Scandinavian alphabet.
By default to issue an XAUTOLOG command specifying a terminal you must have the XAUTOLOG command permitted with ACTION(XAUTO-ON). Setting OPTIONS(17) eliminates the need for ACTION(XAUTO-ON) on the permit.
There is no default for this control option.
Allow use of application interface to verify a specified ACID exists.
Enable CP level OS/DSN security. This option must be selected during CP generation.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|