SECOPT

Display all the security options, including the system SECADMIN option, and their current settings.

Example partial response:

******* Security Options *******

InfoGuard      : Authorized

SecAdmin       : Not authorized

Class          : S0

The InfoGuard setting is based on the presence of four Secure Access Control Module feature keys: Secure Access Control Module, Password Management Facility, Secure Accountability Facility, and Secure Identification Facility. Authorized is displayed if the Secure Access Control Module key is present or if all four of the other keys are present; otherwise, Not Authorized is displayed. If a subset of keys is present, the individual feature key is displayed with a status of “Authorized.” The feature keys are labeled as “Password Management,” “Accountability,” and “Identification.”

SECOPT- DISKSCRUB

Set the DISKSCRUB option to FALSE.

SECOPT CLASS S2

Set the security options appropriate for a system running at a high level of security.

SECOPT NONUSERFILES PRIVATE, + PROGDUMPFILTER

Assigns the value PRIVATE to the NONUSERFILES option and TRUE to the PROGDUMPFILTER option.

AISFILEACCESS (values DISABLED, ALLOWED)

Determines whether Application Integration Services for ClearPath MCP file access is allowed.

The default value is ALLOWED.

ANONACCOUNTING (values OK, NOTOK)

Determines whether the ACCOUNTING attributes can be set to a value other than IDENTIFIED.

Requires the Secure Access Control Module or the Secure Accountability Facility to be installed.

AUTHBYPASSWORD (values DISABLED, ALLOWED, DESIRED, REQUIRED)

Controls the use of password authentication for SSH connections.

The default value is ALLOWED.

DISABLED: No new connection can use password authentication.

ALLOWED: Use of password authentication on a new connection is not preferred, but it is supported.

DESIRED: Use of password authentication on a new connection is preferred, but it is not required.

REQUIRED: All new connections must use password authentication.

If AUTHBYPASSWORD is set to REQUIRED, AUTHBYPUBLICKEY is automatically set to DISABLED.

AUTHBYPUBLICKEY (values DISABLED, ALLOWED, DESIRED, REQUIRED)

Controls the use of public-key authentication for SSH connections.

The default value is DESIRED.

DISABLED: No new connection can use public key authentication.

ALLOWED: Use of public key authentication on a new connection is not preferred, but it is supported.

DESIRED: Use of public key authentication on a new connection is preferred, but it is not required.

REQUIRED: All new connections must use public key authentication.

If AUTHBYPUBLICKEY is set to REQUIRED, AUTHBYPASSWORD is automatically set to DISABLED.

AUTHENTICATION (values DISABLED, ALLOWED, DESIRED, REQUIRED)

Controls authentication of TELNET connections.

CANDE ALLLOGIN, DIALLOGIN, SECALL, SECDIALIN, SECPSEUDO, USECOMSPRIV (values TRUE, FALSE)

Apply restrictions to CANDE stations. The values have the same effects as the corresponding options of the CANDE operations ?OP command. See SECOPT Command CANDE Option Values.

CANDE LAISSEZFILE

Integer in the range 0–6.

Regulates the ways in which remote files from one program can communicate with other stations. See “?LAISSEZFILE Command” in Controlling File Access for details.

When the CLASS security option is set to S0, S1, or S2, the CANDE LAISSEZFILE option is set to the value of the SECOPT CANDE LAISSEZFILE option. The CANDE LAISSEZFILE option must be set by using the SECOPT command. It cannot be set from a control station.

CASESENSITIVEPW (values TRUE, FALSE)

Determines whether passwords and accesscode passwords are treated as case-sensitive.

When the CASESENSITIVEPW option is set, passwords must be entered in a case-sensitive manner, that is, matching the capitalization used to store the passwords in the USERDATAFILE. Passwords can be entered with lowercase characters and special characters without being enclosed in quotation marks.

If the option is FALSE, passwords that are not enclosed in quotation marks are automatically uppercased and handled in a case-insensitive manner. If a password contains lowercase characters and special characters, it must be enclosed in quotation marks.

CLASS (values U, S0, S1, S2)

Assigns a class of security to the system. See CLASS Security Option Values for details.

S0 requires at least one of the following secure license facilities to be installed:

Password Management Facility

Secure Accountability Facility

Secure Identification Facility

ALGOLCHECK

Determines how ALGOL code files with a code version that is less than the recommended minimum are handled.

When this option is

CLIENTENCRYPTION (values DISABLED, ALLOWED, REQUIRED)

Determines whether the redirector negotiates SMB encryption.

CLIENTSIGNING (values DISABLED, ALLOWED, REQUIRED)

Determines whether the redirector negotiates SMB signing.

ALLOWED and REQUIRED requires that a cryptography engine is enabled.

CODEVERIFYCHECK (values NONE, MIGRATION, CONDITIONAL, REQUIRED)

Determines the system's protocol for code file verification.

The default value is MIGRATION.

CODEVERIFYGEN (values NONE, CHECKSUM)

Determines the method that the system uses to generate code file verification data.

The default value is CHECKSUM.

CRSCASSIGN (values OK, NOTOK)

Determines whether ODT files can be assigned without operator intervention.

DIRECTLP (values OK, NOTOK)

Determines whether direct line printers can be assigned without operator intervention.

DISKSCRUB (values TRUE, FALSE)

Controls whether the system treats all user disk files, including temporary files, in the following way: After the file is removed or no longer occupies a disk area, residual data on the disk are unreadable. The system ensures that old data remaining in a disk area are “scrubbed” before the area is reused.

DMALGOLUNSAFE (values TRUE, FALSE)

Controls whether the system can execute DMALGOL programs marked as nonexecutable because they contain unsafe constructs.

If the option is TRUE, the system can execute such a program only if it has been named in an MP (Mark Program) system command that specifies the EXECUTABLE option, or if the program has been made a support library through the SL command and is linked BYFUNCTION.

If the option is FALSE, the system can execute such programs regardless of whether they have been designated as EXECUTABLE.

ENCRYPTION (values DISABLED, ALLOWED, DESIRED, REQUIRED)

Controls encryption of TELNET connections.

ERASE (values ZEROS, TRIPLE, TRIPLEVERIFY )

Determines which disk algorithm the system uses to scrub the areas of disk files that have been removed and that have the SENSITIVEDATA file attribute set. For the value ZEROS, the system writes binary zeros to the areas. For the value TRIPLE, the system first writes a random character to the areas, then the complement of that random character, and then another random character. For the value TRIPLEVERIFY, the system first writes a random character to the areas, then the complement of that character, then another random character, and finally it reads the areas to verify that they contain the last random character.

GSSAPI (values TRUE, FALSE)

Determines whether the Generalized Security Services Application Program Interface (GSS–API) is available for use.

HOSTSRESTRICTED (values TRUE, FALSE)

Provides protection against importation of potentially hazardous files from foreign hosts. Specifically, this option controls whether all remote hosts are treated as restricted hosts.

When the option is TRUE, only a user with security-administrator status can open hazardous files from a restricted host. See “RESTRICT (Set Restrictions) Command” in Controlling File Access for information about restricted files.

LANMANLEVEL

Integer in the range 0–5.

Determines the authentication protocols acceptable when authenticating with Windows systems. The value corresponds with the LMCompatibilityLevel.

LIMITCOMSUTIL (values TRUE, FALSE)

Determines whether a usercode must have COMSCONTROL privilege to access the COMS Utility window.

LIMITREMOTESPO (values TRUE, FALSE)

Determines whether the REMOTESPO command requires the station to be in the list of authorized REMOTESPO stations.

LOGONATTEMPTS

Integer in the range 0–15.

Specifies the number of times the user can attempt to log-on to MARC or CANDE. When the number of unsuccessful log-on attempts equals the number specified for the option, the system denies all subsequent attempts to log-on from that station.

If 0, the user is permitted an unlimited number of log-on attempts.

If 1–15, the user is restricted to the specified number of log-on attempts.

MFA (values DISABLED, ENABLED)

Determines if a second authentication factor is required during log on. When MFA is ENABLED, the settings of the usercode attributes MFAREQUIRED and MFAPROTOCOL control whether two-factor authentication is attempted for the user.

MODIFYGUARDFILE (values OK, NOTOK)

Determines whether a file with a FILEKIND value of GUARDFILE can be modified.

NOCOPYONTO (values TRUE, FALSE)

Determines whether the COPY ONTO library maintenance action is permitted.

NOLMHASH (values TRUE, FALSE)

Determines whether the LM password is stored in the USERDATAFILE and whether the LM protocol can be used for authentication.

You can change the setting of the NOLMHASH option to enable the LM protocol with the following system command:

SECOPT - NOLMHASH

NONPRIVUNITNO (values OK, NOTOK)

For files with a KIND attribute value other than ODT or SPO, determines whether a nonprivileged program can use the UNITNO attribute.

For files with a KIND value of ODT or SPO, determines whether a program that was not initiated from that ODT can set the UNITNO attribute. The restriction is enforced regardless of the privileges assigned to the program.

NONUSERFILES (values PUBLIC, PRIVATE)

Specifies the default value of the SECURITYTYPE file attribute for files created by programs that do not run under a usercode.

Unowned files that are public before NONUSERFILES is set to PRIVATE continue to be public files; they are not made private retroactively. To protect such files, assign appropriate values to the SECURITYTYPE, SECURITYUSE, and SECURITYGUARD attributes.

A SECURITYTYPE value of PRIVATE for all files without associated usercodes might cause problems for nonprivileged users or programs that need access to certain of those files. In particular, problems can arise with respect to printer backup files created under the nonusercode (*) directory for a nonprivileged user. Such a user is denied access to his or her own backup files when NONUSERFILES is set to PRIVATE. To prevent this problem, assign USERCODEDBACKUP the value TRUE if NONUSERFILES is set to PRIVATE.

NOSUPERUSER (values TRUE, FALSE)

Determines whether Transaction Server permits superusers—that is, sessions running without a usercode.

OLDBKUPSECURITY (values TRUE, FALSE)

Determines if the system is using old backup security rules.

When OLDBKUPSECURITY is

TRUE, the system enforces old security rules on backup files in backup directories *BD and *REMLPnn. Nonprivileged users have limited access to such files even though they are the owners of the files.

FALSE, the system allows nonprivileged users more flexibility in manipulating their backup files under the *BD and *REMLPnn backup directories. This includes the ability to see, change, remove, and copy such files directly.

OLDDMSSECURITY (values TRUE, FALSE)

Determines whether access to a Enterprise Database Server database is controlled by the attributes of the opener or by the FILEACCESSRULE attribute value of the database opener.

ONC RPC AUTHVALIDATION (values N/A)

This security option is no longer used.

PASSWORDCHANGE (values DISABLED, ENABLED)

Determines whether a user procedure is called when a usercode password or accesscode password is changed.

PASSWORDMGMT (values MINIMAL, GENERATED)

Specifies whether passwords are assigned by the security administrator or generated by the system.

When PASSWORDMGMT equals MINIMAL, the security administrator must initially assign passwords in the USERDATAFILE. The user can change the password later with the CANDE PASSWORD command or on the MARC Password screen.

When PASSWORDMGMT equals GENERATED, the system generates random passwords when the user accesses the MARC Password screen. The feature is also available to the security administrator when he or she runs MAKEUSER. Users are unable to choose their own passwords and the MU (Make User) system command is disabled.

A password is composed of three familiar words joined in a phrase. The default language is English. The words are combined according to the rules of grammar of that language, although the phrase might not be semantically complete or correct. For example, the following are passwords generated by the system: CreamyShadyTrain, YoungTimberGrades.

On a password-generating system, ensure that every usercode has the value of VIOLATIONLIMIT set between 5 and 10 and the value of DAYSACTIVE set between 10 and 20. These settings achieve the security standards specifications of the National Institute of Standards and Technology to prevent a security breach through someone guessing a password.

If the password generator fails to produce passwords, the dictionaries or the set of rules for the language used by the generator are faulty. If the generator fails to generate passwords in any language, including English, the INFOGUARDSUPPORT code file is corrupted. In this situation, either turn the generator off by resetting this option to MINIMAL or install a new INFOGUARDSUPPORT code file as the INFOGUARDSUPPORT system library.

For information about how to integrate your own password generator into a Secure Access Control Module password-generating system, refer to the topic “Using a Password Generator” in the Security Software Developers Kit (SDK).

PASSWORDS (values REQUIRED, ONEONLY, NOTRESTRICTED)

Determines whether usercodes must have at least one password, can have at most one password, or can have no password.

PROGDUMPFILTER (values TRUE, FALSE)

Determines what data a nonprivileged user can view when requesting a program dump, and controls the export of program dump disk files.

When PROGDUMPFILTER is TRUE, nonprivileged users can view only the contents of their own data when they request a program dump. A nonprivileged user requesting a program dump is unable to view the contents of unowned libraries, unowned databases, libraries and databases owned by other users, and system data. If the program dump is taken to disk rather than to printer, then suppressed data can be analyzed by a privileged user.

When this option is TRUE, a security relevant warning is generated if a program dump disk file is copied, and nonprivileged users are not allowed to copy program dump disk files to restricted destinations, that is, restricted units, restricted volumes, restricted families, and remote hosts if HOSTSRESTRICTED is set.

When this option is FALSE, nonprivileged users can view all the data included in the program dump.

RESTRICTUNWRAP (values TRUE, FALSE)

Determines whether unwrapped files are marked as RESTRICTEDFILE. The default value is TRUE.

When the CLASS security option is set to S1 or S2 from a lower class, the value of RESTRICTUNWRAP is set to TRUE, but can be set to FALSE.

SECURECOMM

SECURECOMM AIS

SECURECOMM CONNPSH

SECURECOMM MCPSERVER

SECURECOMM MCPSQL

SECURECOMM NXEDIT

SECURECOMM OLEDB

SECURECOMM TELNET

(values DISABLED, ALLOWED, REQUIRED)

Determines whether AIS, CONNPSH, MCPSERVER, MCPSQL, NX/Edit, OLEDB, and Telnet offer secure connections.

Use the AIS, CONNPSH, MCPSERVER, MCPSQL, NXEDIT, OLEDB, and TELNET qualifiers to set the value for a specific product.

The option can be set to one of the following values:

SECUREPASSWORD (values TRUE, FALSE)

Determines whether CANDE and MARC require that passwords be entered in secure video.

SECURITYLABELS (values OK, NOTOK)

Determines whether the system ignores the SECURITYLABELS volume attribute.

SERVERENCRYPTION (values DISABLED, ALLOWED, REQUIRED)

Determines whether Client Access Services negotiates SMB encryption.

SERVERSIGNING (values DISABLED, ALLOWED, REQUIRED)

Determines whether Client Access Services negotiates SMB signing.

ALLOWED and REQUIRED requires that a cryptography engine is enabled.

SHARELOGGING (values DISABLED, ALLOWED, REQUIRED)

Determines whether Client Access Services logs SHARE connections in the SUMLOG.

SLREPLACE (values TRUE, FALSE)

Determines whether the system generates a warning message whenever it replaces a library that has been named in an SL (Support Library) system command.

SLTRANSFORMS (values TRUE, FALSE)

Determines whether Remote Print System restricts device transforms to entry points in libraries that have been named in SL (Support Library) system commands.

SUMLOGFULL (values HALTLOAD, DISCARD)

Determines the recovery action that the system is to take if no space exists for either the SUMLOG or the security log and the last row is full, or if the system can no longer write to the log file. A value of HALTLOAD directs the system to halt/load. The halt/load is initiated by a fatal system dump through NO SUMLOG SPACE or LOST SUMLOG HDR. A value of DISCARD directs the system to discard the log records. The time periods when logs are being discarded are recorded in the Log Discard Periods entry (major type 2, minor type 33) at record 1 of the SUMLOG or security log.

SUMLOGSECURITY (values PUBLIC, PRIVATE)

Determines the value of the SECURITYTYPE attribute for the system SUMLOG. The security log is not affected; its SECURITYTYPE attribute is always PRIVATE.

SUSPENDDELAY (values 0-4095)

Specifies the number of minutes that a usercode or accesscode remains suspended if it has been suspended for exceeding the logon violation limit. A value of 0 disables the automatic reactivation functionality.

S1RESTRICTIONS (values TRUE, FALSE)

When TRUE, assigns values to some security options. See CLASS Security Option Results (Values S0 – S2) and S1RESTRICTIONS and S2RESTRICTIONS Security Option Results.

S2RESTRICTIONS (values TRUE, FALSE)

When TRUE, assigns values to some security options. See CLASS Security Option Results (Values S0 – S2) and S1RESTRICTIONS and S2RESTRICTIONS Security Option Results.

TADSWARN (values TRUE, FALSE)

When TRUE, instructs the system to generate a warning message when a TADS-capable code file is the target of a system command such as:

MP (Mark Program) command with the PU, SECADMIN, COMPILER, or EXECUTABLE option

SL (Support Library) command

TAPECHECK (values NONE, AUTOMATIC)

Specifies whether the system performs tape security checking. When TAPECHECK equals NONE, no tape security checking is performed. When TAPECHECK equals AUTOMATIC, the system uses a tape-volume database to manage tape security. This database—called the tape volume directory—enables you to associate usercodes, security file attributes, and guard files with tape volumes. See Controlling Tape File Access for details.

The tape security system goes into effect at the first halt/load following a TAPECHECK = AUTOMATIC specification. If it is specified and a tape volume directory does not yet exist, during the halt/load sequence, the message “OK TO CREATE VOLUME DIRECTORY” appears on the ODT. The operator must respond OK to implement automatic tapecheck, so be sure to inform operations when automatic tapecheck is requested.

TAPESCRUB (values TRUE, FALSE)

When TRUE, instructs the system to “scrub” a loaded tape that supports the data-security-erase feature when it is either purged with the PG system command, relabeled with the SN system command, rewritten, or after any operation that causes the tape to be purged.

The TAPESCRUB option has no effect during system memory dumps. That is, the system does not scrub tapes in the process of a system memory dump.

UDTIMESTAMPS (values TRUE, FALSE)

Determines whether creation and modification timestamps are maintained for usercode entries in the USERDATAFILE.

When UDTIMESTAMPS is TRUE, the CREATETIME, USERMODIFYTIME and SYSTEMMODIFYTIME attributes are maintained.

UNLABELEDTAPES (values OK, NOTOK)

Determines whether operator intervention is required before unlabeled tapes can be assigned for input or output. It also determines whether a TAPEMANAGER library can execute a UL (Unlabeled) system command.

USERCODEDBACKUP (values TRUE, FALSE)

Determines where the system writes printer/punch backup files.

When USERCODEDBACKUP is TRUE, all printer/punch backup files created by a process that has a usercode associated with it are placed under that usercode directory.

When USERCODEDBACKUP is FALSE, all printer/punch backup files are placed under the nonusercode (*) directory unless the value of the USERBACKUPNAME file attribute is TRUE or the BDNAME task attribute is assigned a value.

For more information about printer files, the USERBACKUPNAME file attribute, and the BDNAME task attribute, see the Print System Guide.

ALLLOGIN

Sets the conditions for permitting the opening of a foreign remote file at a CANDE station. See Protecting Remote Files.

DIALLOGIN

Sets the conditions for permitting the opening of a foreign remote file at a dial-in station. See Protecting Remote Files.

SECALL

Regulates privileged-user status at CANDE stations.

SECDIALIN

Regulates privileged-user status at dial-in stations.

SECPSEUDO

Regulates privileged-user status on CANDE pseudostations.

USECOMSPRIV

Makes exceptions to the effects of either or both of the options SECALL and SECPSEUDO.

SECOPT MECHANISMS

Displays the current function names that are defined as security mechanisms.

SECOPT MECHANISMS *

Displays the currently defined security mechanisms and their attributes.

SECOPT MECHANISMS <mechanism name>

Displays the specified security mechanism.

SECOPT MECHANISMS * <mechanism name>

Displays the specified security mechanism and the attributes associated with that mechanism.

SECOPT MECHANISMS – <mechanism name>

Removes all information for the specified security mechanism.

SECOPT MECHANISMS – *

Removes all information for all security mechanisms except NONE and USERDATA.

SECOPT MECHANISMS + <mechanism name>

Specifies the function name to be added as a security mechanism.

SECOPT MECHANISMS + <mechanism name> : <attributes>

Specifies the function name to be added as a security mechanism and sets the attributes associated with it.

SECOPT MECHANISMS <mechanism name> : <attributes>

Sets the attributes associated with the security mechanism.

ACTIVE

If set, the security mechanism is used by the GSSAPI support library. The internal security mechanisms NONE and USERDATA cannot be deactivated.

INITIATE

If set, the security mechanism can be used by the GSSAPI support library to initiate security contexts.

If set for the NONE security mechanism, all initiated connections out of the system must be previously authenticated.

ACCEPT

If set, the security mechanism can be used by the GSSAPI support library to accept security contexts.

If set for the NONE security mechanism, all accepted connections into the system must be previously authenticated.

If ACCEPT is not set for the NONE security mechanism, every accepted connection without an identity is still required to be authenticated.

AUTHENTICATE

If set, the security mechanism can be used by the GSSAPI support library to authenticate identities.

If set for the NONE security mechanism, connections can be accepted without an identity, such as a MARC SUPERUSER session.

If AUTHENTICATE is not set for the NONE security mechanism, every accepted connection into the system must be authenticated.

DEFAULTMARCAUTH

If set, MARC uses the mechanism when authenticating users.

This attribute can be set for only one mechanism. When the attribute is set for a mechanism, it is automatically reset for any other mechanism.

If this attribute is not set for KERBEROS or KERBEROSSUPPORT, MARC does not use GSSAPI when authenticating users.

SECOPT MECH

Display all of the defined security mechanisms.

Examples of command responses are

    MECHANISM NONE

    MECHANISM USERDATA

    MECHANISM KERBEROS

SECOPT MECH *

Display the currently defined security mechanisms and their attributes.

Examples of command responses are

    MECHANISM NONE

                    ACCEPT, INITIATE

    MECHANISM USERDATA

    MECHANISM KERBEROS

                    DEFAULTMARCAUTH

SECOPT MECH * KERBEROS

Display the specified security mechanism and the attributes associated with that mechanism.

Examples of command responses are

    MECHANISM KERBEROS

                    DEFAULTMARCAUTH