DOCUMENT:Q198179 13-JUN-2001 [sna] TITLE :Enabling an APPC/CPIC Program to Use Persistent Verification PRODUCT :Microsoft SNA Server PROD/VER:WINDOWS:3.0 SP3,4.0,4.0 SP1 OPER/SYS: KEYWORDS: ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft SNA Server, versions 3.0 SP3, 4.0, 4.0 SP1 ------------------------------------------------------------------------------- SUMMARY ======= Microsoft SNA Server 3.0 Service Pack 3 and later versions include support for LU6.2 "persistent verification" as described in the following Knowledge Base article: Q180866 Persistent Verification Support for APPC Sessions In order for an application to make use of SNA Server persistent verification support, the application must do the following: - An APPC application must set security = AP_SAME, and set the user_id and pwd fields on every call to the [MC_]ALLOCATE verb. - A CPIC application must set conversation_security_type = XC_SECURITY_SAME, and set security_user_id and security_password fields prior to every call to the CMALLC (Allocate) function. MORE INFORMATION ================ Persistent verification (PV) eliminates the need to provide a user ID and password on each Attach during multiple conversations between a user and its partner at a remote LU. The user is verified once during a sign-on process during its initial conversation over an LU6.2 session between an LU/LU pair, and remains verified until the user is signed off by the remote LU, or if all sessions between the LUs are ended. In order for persistent verification to be used, the host system must indicate support within its BIND command or response, by setting the following option: Byte 23, Bit 7 persistent verification capability must be set to 1 (ON): (Persistent Verification indicator is supported on incoming FMH-5s) Note that SNA Server does not set this bit, because SNA Server only supports the sending of FMH-5 Attach requests with persistent verification. SNA Server does not support incoming FMH-5 Attaches which have persistent verification set. If SNA Server detects that the remote system supports persistent verification (as indicated in the host BIND message), then the APPC or CPIC application can take advantage of persistent verification by setting security = SAME, and by providing a user ID AND password on every allocate request. SNA Server then implements PV by maintaining a PV sign-on user list associated with each Remote APPC LU as follows: - If a client allocate request is received and the user is not in the PV user sign-on list, SNA Server adds the user to its sign-on user list, sets Byte 4 Bit 1-2 (persistent verification indicator) to "01", indicating "sign-on requested", and includes the user ID and password security vectors in the FMH-5 Attach. - If a client allocate request is received and the user is found in the sign-on list, SNA Server sets Byte 4 Bit 1-2 (persistent verification indicator) to "10" indicating "already signed on", and includes the user ID only in the FMH-5 Attach, but does not include the password vector. As mentioned above, SNA Server removes a user from its PV sign-on list when one of the following conditions occurs: - If the remote system sends a PV Sign-Off request to SNA Server and indicates the user. The remote system initiates an LU6.2 conversation to the SNA Server Sign-Off TP (TP name = X'06F3F0F0'), and indicating the user name in the Sign-Off GDS X'1220' message. - If all sessions end between the SNA Server LU and remote LU. This can occur if the connection fails or if all sessions are unbound. There is no way to view the SNA Server PV sign-on list, although this is under consideration for a future release of SNA Server. REFERENCES ========== IBM documents the format of the SNA BIND command and FMH-5 Attach requests in the following IBM reference: Title: Systems Network Architecture Formats IBM Document Number GA27-3136-14 For more information about persistent verification, please see the following IBM reference: Title: SNA LU 6.2 Peer Protocols IBM Document Number: SC31-6808-02 Additional query words: ====================================================================== Keywords : Technology : kbAudDeveloper kbSNAServSearch kbSNAServ400 kbSNAServ300SP3 kbSNAServ400SP1 Version : WINDOWS:3.0 SP3,4.0,4.0 SP1 Issue type : kbinfo ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.