OPTIONS (z/VM)—Replace Fixes from Prior Product Releases

Specific Control Options › OPTIONS (z/VM)—Replace Fixes from Prior Product Releases

OPTIONS (z/VM)—Replace Fixes from Prior Product Releases

Use the OPTIONS control option to replace several fixes in releases of CA Top Secret prior to r1.4. You can set any combination of the following options by using the appropriate numbers as indicated.

This control option has the following format:

OPTIONS ({n,n,})

In the syntax, n represents any of the following numbers:

1

Enables APPCONN security. Turn on the optional APPCCONN security calls.

2

Specifies to not audit CP commands. Do not cut an AUDIT record for any CP commands unless a violation has taken place or the CP command is added to the AUDIT Record.

3

Specifies to not audit DIAGNOSE checks. Do cut an AUDIT record for any CP DIAGNOSE unless a violation has taken place or the CP DIAGNOSE is added to the AUDIT Record.

4

Enables IUCV security calls. Turn on the optional IUCV security calls.

5

Allows ' ' as VMMDISK character and not as a mask. Allow the administrator to use the character ' ' as data in a VMMDISK permit and do not treat it as a masking character.

6

Disables CPF old password reverification. When CPF routes automatically a changed password, the old password must match on the target node before the new password will replace it. This optional removes that matching requirement and causes this system to accept the password change.

7

Allows user modifications to the text of the TSS0100A, TSS0101A, TSS0102A, TSS0115E, and TSS0120A messages.

For z/VM 6.2 and below, the following considerations apply:

If option 7 is set but no zap applied, you get the normal message.
Only messages TSS0100A, TSS0101A, TSS0102A, TSS0115E, and TSS0120A can be modified by this control option.
Message replacement must be the exact length of the existing message. If shorter, then pad with blanks.
You do not need to replace all of the messages (only what you want to change).
TSSVM MACLIB contains five members (with names matching the message number) that contain the VER/REP statements needed to apply your message text. Punch from the MACLIB the number(s) needed. They will punch out with a filetype of COPY and must be renamed to a file type of ZAP.

For z/VM 6.3, setting option 7 retrieves the TSS0100A, TSS0101A, TSS0102A, TSS0115E, and TSS0120A messages from the TSSUMT module.

Note: For instructions on supplying customized signon messages, see the Installation Guide.

8

Specifies to not reset VMDALTID to ACID=. Normally a logon with ACID= has the VMDALTID replaced by the ACID name. This meant that the origninID of a spooled file would show the ACID and not the machine to which it was logged on. This optional prevents that replacement.

9

Saves ACI groupname in VMDUSER7 8. Clients running product VSEG must use this control option to store the directory groupname into VMDUSER7 8 fields for that product's use.

10

Includes user-supplied input comments in the printed output from message TSS0540I. The ability to include printed comments allows the user to supply unique tagging for relating input to output.

11

(Required if you are using the VFORCE product) Enables VFORCE support.

12

Allows '+' as SFS FILE character and not as a mask. Allow the administrator to use the character '+' as data in an SFS FILE permit and do not treat it as a masking character.

13

Displays IP address as terminal address. If a user logs on through TCP/IP, show the IP address as the terminal address in TSSUTIL reports and TSS WHOAMI output. The IP address will be displayed as an 8 character hex field. If OPTIONS(13) is not set, then the logical device address (LDEVnnnn) will display as the terminal address.

14

Audits all activity at an audited terminal. If a terminal is being audited, audit all activity that takes place during the logon session at that terminal. If OPTIONS(14) is not set, then only the access of the terminal itself (but no subsequent activity) is audited.

15

Enforces CA Top Secret password for APPC logon. By setting OPTIONS(15) all APPC logons use the CA Top Secret password instead of the directory password. This setting is a subset of OPTIONS(1).

16

Includes Scandinavian letters with NEWPW(FA) option. By default, the control option NEWPW(FA) forces a new password to contain one of the 26 letters in the English alphabet. Setting OPTIONS(16) expands the letters to include the letters in the Scandinavian alphabet.

17

Adjusts the need for ACTION(XAUTO-ON) when having an XAUTOLOG command permitted. By default, to issue an XAUTOLOG command specifying a terminal, you must have the XAUTOLOG command permitted with ACTION(XAUTO-ON). Setting OPTIONS(17) eliminates the need for ACTION(XAUTO-ON) on the permit.

This control option does not have a default.

18

Allows use of application interface to verify that a specified ACID exists.

19

Enables CP-level OS/DSN security. This option must be selected during CP generation.

20

Normally, a LIST issued after an ACID characteristic expires but before EXPDAYS deletes the characteristic, the UNTIL date displays EXPIRED. With OPTIONS(77) set, LIST displays the actual UNTIL date even when expired.

21

Specifies to not have uppercase output in CPF journal file.

22

(Mandatory to share CA Top Secret for z/VM r12 SP1 with CA Top Secret for z/VSE) Disables the following CA Top Secret for z/VM r12 features:

Password phrase support
Mixed case password support
Two byte rescode support
Large ACID support

If any of the CA Top Secret for z/VM database files are to be shared with a non-z/VM CA Top Secret environment, the database must be allocated and formatted by the non-z/VM environment. These steps ensure that the file allocations are consistent with the VSE and z/OS systems.

If OPTIONS(22) is not set, and a CA Top Secret for z/VSE r3 security file is used, the CA Top Secret r12 VM server will fail to initialize.

If OPTIONS(22) is set, and a CA Top Secret for z/VM r12 security file is used, the previously noted CA Top Secret for z/VM r12 features will remain disabled.