Implementing Security for CA IDMS › Implementing Security › Automatic Terminal Signon

Automatic Terminal Signon

CA Top Secret allows for the automatic signon of an CA IDMS terminal. This feature is useful for applications requiring minimal security, or where the physical security surrounding a terminal is adequate for the sensitivity of the application. Automatic Terminal Signon is also useful for receive-only terminals, which are used for displaying secured information.

Automatic Terminal Signon is performed whenever a task is entered prior to performing an CA IDMS signon, and there exists a CA Top Secret ACID by the same name as the terminal name.

The terminal name used will depend on your environment:

• For a VTAM terminal, the VTAM node name will be used.
• For all other terminals, the CA IDMS PTERM will be used.

Terminals with ACIDs defined will automatically be eligible for Automatic Terminal Signon. If there is no ACID defined with the same name as the terminal defined to CA Top Secret then the task will be failed and the user will receive an CA IDMS message requesting that an explicit signon be performed.

If the ACID exists, then CA Top Secret performs the security checks (4) through (9), described previously, for security checking. If these checks are successful, the ACID is associated with that terminal until signoff, just as if an explicit signon had been performed. Finally, the task will be processed (subject to LCF task security).

Note: If the Automatic Terminal Signon is successful, the user who entered the task will not be aware of the process.

Several special requirements must be fulfilled before Automatic Terminal Signon (ATS) is supported:

• The SRTT TYPE=INITIAL entry must be assembled with the value DFLTSGN=YES.
• This entry suppresses default ACID signon (explained below).
• The SRTT TYPE=ENTRY for RESTYPE=TASK must be set to SECBY=EXTERNAL.
• Tasks designated as "safe" never invoke ATS. See the section OTRAN Security for information on designating a task as safe.

Using Default ACID Signon

CA IDMS makes the following special requirement when using default ACID signon:

• The SRTT TYPE=INITIAL entry must be assembled with the value DFLTSGN=NO.
• In CA IDMS, Automatic Terminal Signon and default ACID signon are mutually exclusive, since the above SRTT entry suppresses Automatic Terminal Signon.

Then the security administrator:

• Sets a facility DEFACID for any CA IDMS multi-user facility. An example follows:

  TSS MODI FAC(IDMSPROD=DEFACID(dfltacid))
  

• Must explicitly create the dfltacid specified for the facility. It is recommended that the ACID be of limited access since its use is automatic.
• If the end-user attempts to sign on to the facility with a blank or non-existent ACID, the dfltacid will be used to sign the user on to the facility.

The security checks listed in (4) through (9) in section 1.8.2.1, "SIGNON Task," are performed on the default ACID signon.