Specific Control Options › OPTIONS in z/VM

OPTIONS in z/VM

Use the OPTIONS control option to replace several fixes in releases of CA Top Secret prior to r1.4. Any combination of the below options can be set by using the appropriate numbers as indicated.

This control option has the following format:

OPTIONS ({n,n,})

Where n represents any of the following numbers:

1

Enable APPCONN security. Turn on the optional APPCCONN security calls.

2

Do not audit CP commands. Do not cut an AUDIT Record for any CP commands unless a violation has taken place or the CP command is added to the AUDIT Record.

3

Do not audit DIAGNOSE checks. Do cut an AUDIT Record for any CP DIAGNOSE unless a violation has taken place or the CP DIAGNOSE is added to the AUDIT Record.

4

Enable IUCV security calls. Turn on the optional IUCV security calls.

5

Allow ' ' as VMMDISK character and not as a mask. Allow the administrator to use the character ' ' as data in a VMMDISK permit and do not treat it as a masking character.

6

Disable CPF old password reverification. When CPF routes automatically a changed password, the old password must match on the target node before the new password will replace it. This optional removes that matching requirement and causes this system to accept the password change.

7

User message modifications. Allow installation to optionally change the text of the TSS0100A, TSS0101A, TSS0102A, TSS0115E, and TSS0120A messages.

Notes:

• If option 7 is set but no zap applied, you will get the normal message.
• Only above listed messages can be modified by this control option.
• Message replacement must be the exact length of the existing message. If shorter, then pad with blanks.
• You do not need to replace all five messages, only what you wish to change.
• TSSVM MACLIB contains five members, names matching the message number, that contain the VER/REP statements needed to apply your message text. Punch from the MACLIB the number(s) needed. They will punch out with a filetype of COPY, and must be renamed to a filetype of ZAP.

8

Do not reset VMDALTID to ACID=. Normally a logon with ACID= has the VMDALTID replaced by the ACID name. This meant that the origninID of a spooled file would show the ACID and not the machine to which it was logged on. This optional prevents that replacement.

9

Save ACI groupname in VMDUSER7 8. Clients running product VSEG must use this control option to store the directory groupname into VMDUSER7 8 fields for that product's use.

10

TSS0540I displays comments. Normally TSSCRIPT clears comments from input prior to printing. This optional prints the comments from the card also.

11

VFORCE support. This optional is required if you are using the product VFORCE.

12

Allow '+' as SFS FILE character and not as a mask. Allow the administratior to use the character '+' as data in an SFS FILE permit and do not treat it as a masking character.

13

Display IP address as terminal address. If a user logs on through TCP/IP, show the IP address as the terminal address in TSSUTIL reports and TSS WHOAMI output. The IP address will be displayed as an 8 character hex field. If OPTIONS(13) is not set, then the logical device address (LDEVnnnn) will display as the terminal address.

14

Audit all activity at an audited terminal. If a terminal is being audited, audit all activity that takes place during the logon session at that terminal. If OPTIONS(14) is not set, then only the access of the terminal itself (but no subsequent activity) is audited.

15

Enforce CA Top Secret password for APPC logon. By setting OPTIONS(15) all APPC logons use the CA Top Secret password instead of the directory password. This setting is a subset of OPTIONS(1).

16

Include Scandinavian letters with NEWPW(FA) option. By default, the control option NEWPW(FA) forces a new password to contain one of the 26 letters in the English alphabet. Setting OPTIONS(16) expands the letters to include the letters in the Scandinavian alphabet.

17

By default to issue an XAUTOLOG command specifying a terminal you must have the XAUTOLOG command permitted with ACTION(XAUTO-ON). Setting OPTIONS(17) eliminates the need for ACTION(XAUTO-ON) on the permit.

There is no default for this control option.

18

Allow use of application interface to verify a specified ACID exists.

19

Enable CP-level OS/DSN security. This option must be selected during CP generation.

20

Normally, a LIST issued after an ACID characteristic expires but before EXPDAYS deletes the characteristic, the UNTIL date displays EXPIRED. With OPTIONS(77) set, LIST displays the actual UNTIL date even when expired.

21

Do not uppercase output in CPF journal file.

22

Mandatory to share TSSVM r12 SP1 with TSSVSE

Setting OPTIONS(22) disables the following CA Top Secret for z/VM r12 features:

• Password phrase support
• Mixed case password support
• Two byte rescode support
• Large ACID support.

If any of the CA Top Secret for z/VM database files are to be shared with a non-z/VM CA Top Secret environment, the database must be allocated and formatted by the non-z/VM environment. These steps ensure that the file allocations are consistent with the VSE and z/OS systems.

If OPTIONS(22) is not set, and a CA Top Secret for z/VSE r3 security file is used, the CA Top Secret r12 for VM Server will fail to initialize.

If OPTIONS(22) is set, and a CA Top Secret for z/VM r12 security file is used, the previously noted CA Top Secret for z/VM r12 features will remain disabled.