Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.


Share this Page URL
Help

16.1: Conceptual overview of TN3270 secu... > How TN3270 security works - Pg. 676

16.1 Conceptual overview of TN3270 security TN3270 security addresses issues related to client access to the z/OS system and to applications on the system and the protection of data that is exchanged between the client and the server. Security policies can be defined based on user IDs or on user IP addresses. This section discusses the following topics: What is TN3270 security How TN3270 security works How TN3270 security can be applied 16.1.1 What is TN3270 security TN3270 security can control client access to the z/OS system by verifying the user ID of clients requesting access to applications. The user ID can be obtained directly from the user by way of a prompting message that requests the user to supply the user ID and password. Client access can also be controlled by using digital certificate exchanges between the client and server. Network access control can be achieved by imposing security policies based on a combination of the client user ID, the client IP address, and system resources. The TN3270 server provides client and server authentication and data encryption methods by using digital certificates with a protocol called Transport Layer Security (TLS). The TN3270 server supports two TLS methods: TLS and AT-TLS. TLS is provided natively by TN3270 internal code, and is the basic, less functional method. AT-TLS is provided externally through the policy agent, and is the preferred method because of the additional functionality it provides.