How to suppress a CA Top Secret Security reply to a TSS9080A WTOR message in CA OPS/MVS.

Document ID : KB000005410
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

We have a message rule in OPS that issues Top Secret commands on the console. The commands require a response of an ID and password.  The response of the ID and password is readable in the console log. Commands issued by OPS/MVS is not suppressed. We need that response suppressed and non readable.

Resolution:

Take a look at the PASSWORDTEXTn parameters as these may address the problem.

Suppose the command being entered is 'F TSS,somecmd UID=userid PW=password', you could set the PASSWORDTEXT1 parm to UID= and the PASSWORDTEXT2 parm to PW= and in the logs any value after UID= and PW= will be X'd out.

We are replying to the TSS9080A WTOR issued from TSS for authorization of a TSS command and the format of the reply is R xx,uid/pw. The PASSWORDTEXTn parms need to have the text that precedes the message text that you want to X out. Meaning, if the valid reply was R xx,UID=uid PW=pw , then you could of set parms to UID= and PW= (fixed text). If this WTOR was being issued as a security WTOR (routecde=9), then the reply from the rule/program would cause the reply to be suppressed/x'd out.

Ask your Top Secret Security support team about this (getting the TSS908A message to be issued with route code 9). In the meantime, looks like the reply to the WTOR is being done from OPSREPLY in a program, so you should be able to create a rule for the TSS9080A that changes the route code to a 9.

I.E.:
)MSG TSS9080A
)Proc
msg.route=OPSBITS('9')

Then do a current OPSREPLY code from wherever it is being done...

Additional Information: