These environment variables relate to configuring the security and auditing environment.
- ES_CESN_NO_OS390
- Overrides the default behavior CESN transaction and the IMS sign-on screen response for invalid user credentials. Default
behavior reports "Your userid is invalid" or "Your password is invalid".
- Syntax
UNIX:
ES_CESN_NO_OS390=value
export CESN_NO_OS390
Windows:
SET CESN_NO_OS390=value
- Values
- Setting this variable to any value causes CESN and the IMS sign-on screen to produce an invalid credential message instead
of a specific invalid user or invalid password message.
- Default
Specific invalid user/password messages will be produced.
- ES_DISABLE_DFLTUSR_SIGNON
- Disables the default user ("mfuser") signon when invoking ES Monitor & Control (ESMAC).
- Syntax
UNIX:
ES_DISABLE_DFLTUSR_SIGNON=value
export ES_DISABLE_DFLTUSR_SIGNON
Windows:
ES_DISABLE_DFLTUSR_SIGNON=value
- Values
- Y or
y Having logged on to ES administration via your MFDS internal security account, you no longer receive the auto logon as "mfuser"
when accessing ESMAC.
- Default
- If this is not set,
mfuser will be used as the default user to sign in to ESMAC.
Note: Micro Focus recommends that you use the Advanced Region Properties page in the
Enterprise Server Common Web Administration (ESCWA) interface to configure this environment variable. See
Advanced Region Properties for more information.
- ES_ESM_PLTPISEC
- The level of security checking for PLTPI processing.
- Syntax
UNIX:
ES_ESM_PLTPISEC=value
export ES_ESM_PLTPISEC
Windows:
ES_ESM_PLTPISEC=value
- Values
- NONE - You do not want any security checking on PLT initialization programs.
- CMDSEC - You want CICS to perform command security checking only.
- RESSEC - You want CICS to perform resource security checking only.
- ALL - You want CICS to perform both command and resource security checking.
Default
NONE
- ES_ESM_RCF
- Determines how RACF is used for command authorization
- Syntax
UNIX:
ES_ESM_RCF=value
export ES_ESM_RCF
Windows:
ES_ESM_RCF=value
- Values:
- A Includes options T, C, and S.
- C Specifies that RACF is to be used for ETO terminal command authorization.
- N Specifies that no sign-on, transaction, or command authorization is to be performed by RACF.
- S Specifies that RACF is to be used for static and ETO terminal command authorization. Includes option C.
- T Specifies that RACF is to be used for sign-on and transaction authorization.
- Y Includes options T and C.
- Default
- N
- ES_OLD_SEC_TSTD
- Prevents security being enforced for TS or TD queues that are not declared in the security repository.
- Syntax
UNIX:
ES_OLD_SEC_TSTD=value
export ES_OLD_SEC_TSTD
Windows:
SET ES_OLD_SEC_TSTD=value
- Values
- Default
- By default security is enforced for TS or TD queues that are not declared in the security repository.
- ES_SURROGATE_JOB_USER
- Associates a user ID with a job when submitting the job for processing through the internal reader from CICS.
Syntax
UNIX:
ES_SURROGATE_JOB_USER=value
export ES_SURROGATE_JOB_USER
Windows:
ES_SURROGATE_JOB_USER=value
- Values
Any value - The user ID that started the ES region is used in the job submission.
Default
By default, the CICS default user CICSUSER, or as specified by
ES_USR_DFLT_CICS, is used in the job submission.
- MF_ROOT_CERT
- Enables the MF Directory Server process and any client applications to pick up the value of the root certificate file.
- MFAUDIT_LOGS
- The location of audit files.
- USSCONFIG
- Use this variable to point to the location of the SSL cipher suite specification file(s) used by the CIPHERS attribute in
the CICS URIMAP or TCPIPSERVICE resource.
The CIPHERS attribute in these CICS resources (which is for USAGE(CLIENT)) can be specified in one of the following ways:
- A string of up to 56 hexadecimal digits that is interpreted as a list of up to 28 2-digit cipher suite codes.
- The name of the SSL cipher suite specification file name can be up to 28 characters long including the extension which must
be
.xml. The file name can only contain the characters A-Z a-z 0-9 # - . @ _.
- Syntax
UNIX:
USSCONFIG=/absolute/path/to/cipher/suite/specification/file(s)
export USSCONFIG
Windows:
SET USSCONFIG=/absolute/path/to/cipher/suite/specification/file(s)