Security and Auditing Environment Variables

Restriction: This topic applies only when the Enterprise Server feature is enabled.

These environment variables relate to configuring the security and auditing environment.

ES_CESN_NO_OS390
Overrides the default behavior CESN transaction and the IMS sign-on screen response for invalid user credentials. Default behavior reports "Your userid is invalid" or "Your password is invalid".
Syntax
UNIX:
ES_CESN_NO_OS390=value
export CESN_NO_OS390
Windows:
SET CESN_NO_OS390=value
Values
  • Setting this variable to any value causes CESN and the IMS sign-on screen to produce an invalid credential message instead of a specific invalid user or invalid password message.
Default

Specific invalid user/password messages will be produced.

ES_DISABLE_DFLTUSR_SIGNON
Disables the default user ("mfuser") signon when invoking ES Monitor & Control (ESMAC).
Syntax
UNIX:
ES_DISABLE_DFLTUSR_SIGNON=value
export ES_DISABLE_DFLTUSR_SIGNON
Windows:
ES_DISABLE_DFLTUSR_SIGNON=value
Values
  • Y or y Having logged on to ES administration via your MFDS internal security account, you no longer receive the auto logon as "mfuser" when accessing ESMAC.
Default
If this is not set, mfuser will be used as the default user to sign in to ESMAC.
ES_OLD_SEC_TSTD
Prevents security being enforced for TS or TD queues that are not declared in the security repository.
Syntax
UNIX:
ES_OLD_SEC_TSTD=value
export ES_OLD_SEC_TSTD
Windows:
SET ES_OLD_SEC_TSTD=value
Values
  • Any value.
Default
By default security is enforced for TS or TD queues that are not declared in the security repository.
MF_ROOT_CERT
Enables the MF Directory Server process and any client applications to pick up the value of the root certificate file.
MFAUDIT_LOGS
The location of audit files.
USSCONFIG
Use this variable to point to the location of the SSL cipher suite specification file(s) used by the CIPHERS attribute in the CICS URIMAP or TCPIPSERVICE resource.

The CIPHERS attribute in these CICS resources (which is for USAGE(CLIENT)) can be specified in one of the following ways:

  • A string of up to 56 hexadecimal digits that is interpreted as a list of up to 28 2-digit cipher suite codes.
  • The name of the SSL cipher suite specification file name can be up to 28 characters long including the extension which must be .xml. The file name can only contain the characters A-Z a-z 0-9 # - . @ _.
Syntax
UNIX:
USSCONFIG=/absolute/path/to/cipher/suite/specification/file(s)
export USSCONFIG
Windows:
SET USSCONFIG=/absolute/path/to/cipher/suite/specification/file(s)