Command Propagation Facility › CPF Related Control Options

CPF Related Control Options

CA Top Secret supplies control options that govern the use of CPF and enable distributed security to be maintained efficiently. At least one CPF‑related control options must be entered at CA Top Secret startup to use the CPF.

Once you have designated control options, your TSS commands automatically propagate to the default nodes.

The control options that tailor the CPF environment are:

CPF(ON|OFF|KILL|REFRESH)

Indicates whether CPF should be activated at CA Top Secret startup and lets you temporarily terminate the CPF subtask without bringing down all of CA Top Secret.

• ON—TSS commands are transmitted by this node or received from other nodes.
• If CPF(ON) has been specified, but CCI is not available or not fully initialized, CPF status is displayed as CPF(INIT). While CPF is in this status, commands are not propagated via CPF and are not logged to the CPF Recovery File. Once CCI completes its initialization, CPF status will display as CPF(ON), and command propagation and logging will take place.
• OFF—No TSS commands can be transmitted.
• KILL—Issued with a TSS MODIFY command to temporarily terminate the CPF subtask and automatically take a dump. The subtask can then be reattached by specifying TSS MODIFY(CPF(ON)).
• REFRESH—Issued with a TSS MODIFY command to terminate and immediately restart the CPF subtask, while rebuilding the in‑core node table based on current NDT CPFNODE definitions. Any commands queued in storage is released and the queues are rebuilt from the recovery file. When CPF is restarted, the new attributes of each node will only apply to new CPF messages queued after the refresh has completed. Commands and password changes already on the recovery file prior to the refresh is sent to the target nodes regardless of current node attributes.

CPFNODES(node1,node2A(S)|(R)|(C)|(P)|(GW)|(NB)|,...)

Identifies the remote CA Top Secret nodes from and/or to which CPF can propagate commands.

• (S)—Indicates that the local node can only send commands to the designated remote node.
• (R)—Indicates that the local node can only receive commands from the designated remote node.
• (C)—Specifies that only administrative command changes and DUF updates are sent to a node.
• (P)—Specifies that only password changes and suspensions are sent to a node.
• (GW)—Allows a CPF node to act as a CPF gateway or CPF server for another CPF node.
• (NB)—Indicates that the node is a no‑broadcast node; used when CPFTARGET(LOCAL) is the default.

User‑initiated changes (such as updated passwords or suspension due to access violations) or duf updates are propagated to those nodes identified by the CPFNODES control option.

CPFRCVUND(YES|NO)

Indicates whether the local node will receive commands issued from a remote node that hasn't been defined to the CPFNODES list. Default: NO.

CPFWAIT(YES|NO)

Sets a default value for the TSS command WAIT keyword.

• If CPFWAIT is omitted, CA Top Secret chooses a default of YES. This means that commands are processed on a synchronous basis, requiring the user to wait for the commands to complete on all specified nodes before the local command completes.
• If NO is selected, processing occurs asynchronously.

Regardless of whether you select YES or NO, the CPFWAIT control option can be overridden by the WAIT value on the individual TSS command.

CPFTARGET(AUTO|*|LOCAL)

Sets a default value for the TSS command TARGET keyword.

The security administrator can select one of three options.

• AUTO—Indicates that, if a target node is not explicitly identified on a command, that command will automatically propagate to those nodes identified by the ACID's DEFNODES.
• asterisk (*)—Indicates all nodes defined as send‑only or send/receive in the CPFNODES control option. Nodes defined as receive‑only are not included.
• LOCAL—Indicates a particular local node.