Use value in CFB to update MCA USERID

Idea created by amypost on Jul 16, 2015
    Wish-Listed
    Score5
    • rmateus
    • gary.donoghue
    • amypost
    • DariusPanahy
    • TimDargavel

    None of the CA Gen MQ exits provide a mechanism to override the specific MCA Userid used for MQ channel security, which if not provided in some other form will always be set to the local [Windows] ID. Transactional security can be controlled via the user passed as part of the CA Gen common format buffer (CFB) but this Userid IS NOT, ever passed to MQ channel security, and so if you have channel security enabled (RACF) you will always receive User not authorized when communicating with a z/OS server.

     

    We are using the GuardIEn 8.5 login dialog (where we enter our TSO ID and password - which in the case of the FBI NCIC group is different from our Windows User ID and password). This DOES update the CA Gen CFB Userid so this can then be verified, with appropriate settings of GuardIEn system parameter MVSLOGN as well as changes to the TIRSECVX exit, to ensure that the User ID entered is valid and that the associated password is also correct. However, architecturally, as CA Gen presently has no capability to update the MCA Userid via the CFB, our GuardIEn dialog cannot set the value to the TSO ID entered.

     

    We would like to request an enhancement from CA for the Gen MQ client runtimes to allow the MCA Userid to be provided or obtained from the CA Gen client userid/password values in the Gen runtime.

     

     

    My CA Support login is not correct, it is Amy.Post@ic.fbi.gov