In summary, standard security validates user ID and password with a Gen z/OS user exit. Enhanced security validates user id and password with one or more customer designed programs on z/OS. The setup is the same whether using the Single (TISL) or Multi Socket Server (TIML) Listener.
The users logon with Client Manager or use a client logon program to capture attributes CLIENT_USER_ID and CLIENT_PASSWORD. The user ID and password are placed in the front of the Common Format Buffer when using Client Manager. The user ID and password are placed both in the front and at the end of the Common Format Buffer when using a client logon program. The client exit WREXITN.c must be changed to SecurityUsedStandard. When passed to the Host, user exits check flags and capture the user ID and password to be validated by Gen.
The variables CLIENT_USER_ID and CLIENT_PASSWORD are populated with a client written logon program. The client exit WREXITN.c must be changed to SecurityUsedEnhanced. Once this is passed to the host, user exits must be changed to validate security with custom code. This custom program can be called from a Gen user exit to validate user ID and password as desired.