Implementing Security for IMS › Signon Security › /SIGN Command

/SIGN Command

Most users have to explicitly sign on to IMS using the IMS /SIGN command.

This command has the format:

/SIGN acidname password [NEWPW new-pswd]
                        [VERIFY ver-pswd]
                        [GROUP group id]
                        [ACCT acct-data]

acidname

The user's ACID. (Required)

Range: one- to eight-characters

Password

The user's password; always required unless the ACID has a password of NOPW.

NEWPW

(Optional) Indicates that the next parameter is a new password.

new-pswd

Specifies a new password. Specifying RANDOM causes CA Top Secret to automatically generate a new random password for the user.

VERIFY

(Optional) Indicates that the next parameter is a verification password, i.e. the new password entered again to ensure accuracy.

ver-pswd

Specifies the new password again to ensure accuracy. IMS verifies that the new password and the verification password are the same before processing the signon request.

GROUP

(Optional) Indicates that the next parameter is a group. For information on monitoring entry by GROUP see the User Guide.

group id

Specifies a group ID.

ACCT

(Optional) Indicates that the next parameter is user accounting data.

Note: If used, this must be the last item in the data string.

acct-data

Specifies installation-defined accounting data to be passed to the IMS Signon Exit (DFSCSGN0). CA Top Secret does not use this data in any way.

Note: If you reassemble the optional DFSMO1 IMS default format into your MFS FORMAT library, DFSMO1 automatically formats the /SIGN command for static terminals. Format DFSIGNP may be customized for sign on at dynamic (ETO) terminals.

When a user signs on to IMS, the following security checking is performed:

• ACID identification. You must identify yourself to CA Top Secret by specifying your ACID.
• Password checking. You must specify the password for the ACID.
• New password request. You may be required to enter a new password, based on the password change interval specified for the user ACID. Other new password rules based on the NEWPW control option, such as minimum length, may also apply.
• Facility (region) checking. You must be explicitly allowed to access the facility associated with the IMS region. As delivered, CA Top Secret has two facilities for IMS: IMSPROD and IMSTEST. Additional IMS facilities may be added by the installation. (See the chapter “Defining IMS to CA Top Secret” for more details on defining a new facility.)
• Note: When users sign on to a control region, they must be permitted to the same facility as the MASTFAC associated with the ACID of the control region.

  TSS ADDTO(USER01) FACILITY(IMSPROD)
  

• Terminal security. If the terminal is owned and therefore protected, the user must be permitted to access the terminal.
• Source security. You may be restricted to signing on to a terminal, or a group of terminals.
• Duplicate signon. You may be restricted from signing on to more than one terminal at a time with the same ACID.
• Suspended or expired. You will not be allowed to sign on if your ACID has a suspended or expired password.
• Last-used information and messages If all the above checks are successful, the user will be allowed to sign onto IMS. When the facility suboption LUMSG is in force, the TSS7000I last-used message is issued. To minimize security file I/O, NOLUUPD and NOLUMSG may be set in the facility; this suppresses the update and display of last-used information for signons in the IMS facility.
• Status messages. The TSS7001I status message accompany the last-used message.