Goal

To set up both the host and client computers to allow a session to connect using smart cards and Express Logon. These provide a secure connection to host applications without requiring the user to specify a user name and password when he or she logs on. Smart card and Express Logon support can be configured for EXTRA! X-treme TN3270 sessions and EXTRA! Terminal Viewer IBM Mainframe (TN3270) sessions.

Method

Although Smart cards and Express Logon can be used independently or together, the user achieves maximum convenience and security by using them together. Regardless of how they are used, certificates must be set up on the host and all client computers.

Using a certificate authority, you create and install certificates on the host and clients. Client certificates are stored on the smart card or in the Windows "myCertificates" store. With Express Logon, after preparing data profiles for your host applications and configuring your session, you create a start-up macro to establish the connection to the host.

Before You Start

This How-To assumes that you have some knowledge of client/server technology and SSL certificates. Your host must support SSL security.

If you plan to use smart cards, the smart card reader and software must be installed on clients, and the smart card inserted before you can set up certificates on the client.

If you plan to use Express Logon, you should have a working knowledge of macros so that you can create the start-up macro. You can make the macro available to users later, along with the session configuration file.

Steps

Following are the main steps you need to complete for this How-To:

  1. Set up certificates on the host and clients.

  2. Create z/OS Passticket data profiles.

  3. Create a TN3270 session.

  4. Record a start-up macro (Express Logon only).

  Attachmate