EQQBENCR sample
The EQQBENCR member of the EQQSAMP library provides a sample of the EQQE2EPW JCL that you can use to encrypt the passwords written in plain text in the USRREC statement of the USRINFO configuration member, or to insert additional USRREC statements through the SYSIN data.
Following is an example of the sample EQQE2EPW JCL.
//EQQE2EPW EXEC PGM=EQQUPTOP,REGION=64M,TIME=1440
//********************************************************************
//* THIS IS A SAMPLE JCL TO ENCRYPT THE PASSWORDS IN THE USRREC *
//* STATEMENT CONTAINED IN THE EQQPARM LIBRARY MEMBER AS SPECIFIED *
//* BY THE USRMEM KEYWORD IN THE TOPOLOGY STATEMENT, FOR EXAMPLE *
//* USRMEM(USRINFO). *
//* THE TWS FOR ZOS DEFAULT FOR THIS MEMBER NAME IS USRINFO, AS *
//* DEFINED IN THE EQQE2EP INSTALLATION SAMPLE. *
//* SPECIFY THE LIBRARY THAT CONTAINS THE USRINFO MEMBER, *
//* INCLUDING THE MEMBER NAME, IN THE EQQUSRIN DD OF THIS JCL. *
//* SPECIFY IN THE SYSIN DD EITHER THE NAME OF A DATA SET (INCLUDING *
//* THE MEMBER NAME, IF PDS) CONTAINING THE USRREC STATEMENTS OR THE *
//* USRREC STATEMENTS DIRECTLY AS INLINE PARAMETERS. THESE ARE THE *
//* USRREC STATEMENTS THAT YOU WOULD LIKE TO ADD TO THE USRINFO *
//* DATASET MEMBER. *
//* NOTICE THAT ALL THE THREE KEYWORDS OF THE USRREC STATEMENT *
//* (USRCPU, USRNAM, USRPSW) ARE REQUIRED IN THE SYSIN. INSERT ONE *
//* USRREC STATEMENT KEYWORD PER ROW. *
//* FOR EXAMPLE: *
//* SYSIN DD * *
//* USRCPU(WS01) *
//* USRNAM('TEST1') *
//* USRPSW('ABC123') *
//* USRCPU(WS02) *
//* USRNAM('TEST2') *
//* USRPSW('EFG567') *
//* AS RESULT THE PASSWORDS SPECIFIED IN THE USRPSW KEYWORDS WILL BE *
//* ENCRYPTED (EITHER IF IN THE SYSIN OR IN THE USRINFO MEMBER) AND *
//* THESE USRREC STATEMENTS ARE STORED IN THE USRINFO DATA SET AS *
//* SPECIFIED IN THE EQQUSRIN DD CARD. *
//* IF THE SYSIN IS NOT SPECIFIED, OR SPECIFIES DUMMY, ONLY THE *
//* PASSWORDS PRESENT IN THE USRINFO DATA SET WILL BE ENCRYPTED. *
//* NOTE: *
//* REVIEW ALL THE JCL CONTENT AND SETTINGS *
//* BEFORE SUBMITTING THIS JCL DOUBLE CHECK THAT THE DD DEFINITIONS *
//* SUIT YOUR INSTALLATION. MAINLY DOUBLE CHECK THAT EQQUSRIN AND *
//* SYSIN DD ARE PROPERLY DEFINED. CHECK THE JOB REGION SIZE. *
//* ADD YOUR JOB CARD. CONSIDER BACKING UP YOUR PARMLIB DATASET. *
//********************************************************************
//EQQE2EPW EXEC PGM=EQQUPTOP,REGION=64M,TIME=1440
//STEPLIB DD DISP=SHR,DSN=&STEPDSN
//EQQMLOG DD SYSOUT=&FPCLA
//EQQMLIB DD DISP=SHR,DSN=&MSGLIB
//EQQPARM DD DISP=SHR,DSN=&PARMDSN
//EQQDUMP DD SYSOUT=&FPCLA
//SYSUDUMP DD SYSOUT=&FPCLA
//EQQUSRIN DD DISP=SHR,DSN=&PARMDSN(USRINFO)
//SYSIN DD DISP=SHR,DSN=dsname(member_name)
//*SYSIN DD *
//*USRCPU(TEST)
//*USRNAM('DUMMY')
//*USRPSW('ABC123')
Note:
- Insert the keywords contained in SYSIN, either inline or in a data set, one per row.
- The keywords are the same as the ones used for the USRREC statement: USRCPU, USRNAM, and USRPSW. These three keywords are all required in the SYSIN.
- Rows containing only comments are inserted into the USRINFO data set member (pointed by the EQQUSRIN DD card) as they are, starting at column 13.
- You can write comments on every row, but, depending on the statement length, they can result truncated or be overwritten by the row content. The suggested range is from column 50 to column 60. Rows containing only comments are allowed.
- The password length after the encryption is always 31 bytes and the statements start at column 13, therefore you can use maximum 60 characters per row.
- During the data set scanning process, if duplicated USRREC statements (same values for USRCPU and USRNAM) are found, the last USRREC found is inserted and the first USRREC is removed. The scan is performed from the top of the data set. The statements contained in SYSIN are considered more recent compared with the statements in USRINFO.
- A light syntax checking is performed on the SYSIN data set content. Only few checks on the USRINFO data set. A complete syntax checking is performed on the content of the final USRINFO data set, when a DP batch is performed, as usual.
- New rows added to the USRINFO member are flagged with the
/*JADD*/
comment starting at column 73. This will help to locate the modified lines. Following is an example of how the inserted rows look like:USRREC USRCPU(WS01) /*JADD*/ USRNAM('TEST01') /*JADD*/ USRPSW('¿M($H7ggTDè;Dè ã ä7LN};ôã°Nä)}¦ ¿') /*JADD*/
Remove the/*JADD*/
flag manually before the next run of job EQQE2EPW, to distinguish the new lines that will be added. To do this, edit the USRINFO member and do one of the following actions:- Remove manually the comments
/*JADD*/
using the edit command CUT of the host emulator. - Use the TSO edit command CHANGE ALL:
CHANGE '/*JADD*/' ' ' ALL
- Use the TSO edit commands RENUM and UNNUM.
- Remove manually the comments