Logging on to TSO
The following is an example of how to logon using TSO. Note that system responses are capitalized and information entered by the user is in lowercase.
LOGON logonid ACF82004 ACF2, ENTER PASSWORD - your-password (entered into a nondisplayable field)
If you wish to abort a TSO logon, type a plus sign (+) in response to any
Your site can permit the LOGON command, logonid, and password to be entered on one line, such as:
If Multi-Level Security (MLS) is active on the system, a user may also specify a security label on the LOGON command, such as:
LOGON logonid/password SECLABEL(seclabel)
For more information on MLS, see Security Labels.
acf ACF set control(gso) CONTROL change tso ikjefld1
To activate the changes to the TSO record, issue the following command:
To avoid a possible security breach, we recommend that you do not permit quick logons since the password is
visibleon the screen. Your site can force the use of a separate entry by specifying the NOQLOGON option in the GSO TSO record. For more information, see Global System Option Records (GSO).
The SHOW TSO and SHOW ACF2 subcommands of the ACF command display the TSO options as specified in the GSO TSO record.
Logon from the Command Line
You can also log on to TSO by entering the LOGON command, your logonid, and any chosen operands directly on the command line as follows:
logon your-logonid logon-operand1 logon-operand2......
For example, to reconnect to a TSO session that was disconnected, USER01 might enter:
logon user01 reconnect
The TSO LOGON command parameters are described in the following section. These parameters can be specified with the logonid in response to the ACF82033 prompt, in the non-display field with the password in response to the ACF82044 prompt, or on the command line. It is also possible to pass these parameters from VTAM USS if your site is set up to connect users to TSO through a site-defined command.
Logon Parameter Descriptions
Specifies the account number associated with this TSO session. This value overrides any default from the TSOACCT field of the user's logonid record or the GSO TSO record. To specify ACCT during logon, the logonid must have the LGN-ACCT privilege. To validate the account number you must write resource rules with the type code TAC and specify the VLD-ACCT field in the logonid record.
Indicates the user wants to gain TSO access to the system even though
ACF2has not yet been started. Because it is unavailable, the user must be defined in the UADS data set. This parameter is intended for use in recovery situations when the system is IPLed without
Prevents the user from being presented with a full-screen logon panel. NFSCREEN can be used during a specific logon to override the TSOFSCRN privilege specified in the logonid record; however, specifying FSCREEN at logon time does not override the NOTSOFSCRN privilege for a logonid and does not display the full-screen panel.
Specifies the one- to eight-character group or project name associated with this logonid for this system access session. To specify GROUP during logon, enter GROUP(
grpname) on the command line, or fill in the GROUP field on the TSO full-screen logon panel.
ACF2validates the GROUP value you enter by checking resource rules with the type code TGR. For more information, see Specifying a Group or Project at Logon.
Indicates to TSO whether the user wants to see any messages from TSO at logon time.
Specifies the one-character message class for this TSO session. The user must have the LGN-MSG attribute to specify MSGCLASS.
Indicates to TSO whether the user wants to receive TSO notices at logon time.
Specifies the TSO performance group to be used during the session. Enter a value from 1 to 250.
Specifies the procedure to be used for this TSO session. This value overrides any default from the TSOPROC field of the logonid record or the GSO TSO record. To specify PROC during logon, the user must have the LGN-PROC privilege. To validate the PROC value, you must write resource rules with the type code TPR and specify the VLD-PROC field in the logonid record.
Specifies that the user wants to reestablish a TSO session that was disconnected (RECONNECT) or that the user does not want a session reestablished if it has been disconnected (NORECONNECT). If neither parameter is specified,
ACF2reconnects to any pre-existing session or starts a new session and displays the full-screen logon panel.
Indicates whether the user wants the TSO RECOVER option on for this TSO session.
Specifies the desired region size in K for this TSO session up to 2,097,152K. The SIZE value is limited and cannot exceed the size specified in the TSOSIZE field of this logonid record unless it also has the LGN-SIZE privilege.
Note: If a SIZE(0) is specified, LGN-SIZE must be in the LIDREC.
Specifies the desired CPU time for this TSO session. User must have LGN-TIME to specify TIME.
Specifies the desired default generic unit name for this TSO session and is one-to-eight-characters long. The logonid must have the LGN-UNIT attribute to specify UNIT.
Changing Your Password or Password Phrase Using TSO
To change your password, perform the following steps:
- Follow your usual logon procedure as outlined in Logging on using TSO.
- Enter your old password, a slash, and your new password:oldpassword/newpasswordThe system prompts:ACF82020 ACF2, REENTER NEW PASSWORD FOR VERIFICATION -
- Enter your new password again.If you reenter your new password successfully, the system displays:ACF82000 ACF2, LOGON IN PROGRESS ACF01129 PASSWORD SUCCESSFULLY ALTEREDThe logon procedure continues as usual.If you reenter your new password incorrectly, the system displays:ACF82916 ACF2, VERIFICATION OF NEW PASSWORD FAILED ACF82008 ACF2, ENTER NEW PASSWORD -You must enter your new password, and then enter it again when the system asks you to reenter it for verification. If you successfully reenter your new password, the logon procedure continues as usual.
You can logon to TSO with a password phrase when the GSO TSO record has PWPHRASE on and the GSO PWPHRASE record has the ALLOW option on.
If your logonid has the PWPALLOW option on but the GSO PWPHRASE record has NOALLOW, you will not be able to use a password phrase for TSO logon.
All password phrases must be entered in single quotes for TSO logon. Otherwise, they will be confused with other TSO logon parameters such as RECONNECT or FSCREEN.
To change your password phrase
- Follow your usual logon procedure until the system prompts you with "ENTER PASSWORD OR PASSWORD PHRASE".
- Type your old password phrase in single quotes, a slash, and your new password phrase in single quotes.The system prompts you to reenter your new password phrase for verification.
- Type your new password phrase again in single quotes.If you reenter your new password phrase successfully, the logon procedure continues as usual.
TSO Full-Screen Logon Procedure
ACF2provides full-screen logon support for authorized TSO users. This section describes the following full-screen features:
If you have full-screen privileges in your logonid record, the logon panel displays after
ACF2validates your logonid and password.
Logon Panel Fields
Your site can display the following fields. You can save these fields from session to session except where noted.
Specifies the user's logonid. You
cannotchange this value.
Specifies the one-character TSO message class for this user.
Specifies the physical or logical name of the input device you are at. You
cannotchange this value.
Specifies the one-to-eight-character TSO unit name for this user.
Specifies the one-to-eight-character name of the procedure that contains the JCL for initiating the TSO session.
Specifies the maximum CPU time permitted for the user's session. Specify this value as
mmmm(minutes); 1440 means unlimited time.
Specifies the 0 to 2,097,152K TSO region size for the user's session.
Specifies the default TSO remote destination for this user.
Specifies the required 1-to-40-character TSO account number.
Specifies the TSO performance group to be used during the session. Enter a value from one to 250.
Initially displays the value entered in the GROUP(
grpname) logon parm if specified. Users can specify another valid group in this field that is used only for this session. If no GROUP is specified by the user at system entry, or if this field is blank on the full-screen display,
ACF2uses the default value from the GROUP logonid field without redisplaying the screen.
Accommodates special keywords required by the site for logon and displays at the bottom of the screen.
Specifies the user's one- to eight-character security label. MLS must be active on the system before a value may be specified in this field. If you specify a security label, it must be valid, and you must be authorized to use it, otherwise, you will be prompted until you either specify a valid security label or specify no value in the field (blanks). For information on how to implement MLS, see Implementing Multilevel Security Planning.
Also on the logon screen, you can enter S before each of the following operands that you want to have in effect.
Suppresses display of system mail at logon time.
Suppresses display of TSO notices at logon time.
Creates a work file during your editing session that you can use for recovering edits made to a data set in the event of a disconnect or system failure.
Lets you reestablish an existing session after your line has been disconnected. This logon must occur in a reconnect time limit after your line has been disconnected. When logging on again, you must specify the same logonid and password as you used previously for beginning the interrupted session; operand values from the interrupted session remain in effect and cannot be changed. You
cannotsave this value from session to session.
For information about the C-TSO full screen retention records, see TSO Full-Screen Logon Retention Records.
Lets you change your password or password phrase. When selected, you are prompted for your old password or password phrase if it was not already just used at logon – such as when a pass ticket or multi-factor credentials are used instead. You cannot mix an old password with a new password phrase or and old password phrase with a new password. So, if an old password is used, then a new password must be entered. If an old password phrase is used, then a new password phrase must be entered. Any password phrase containing one or more blanks needs to be entered in single quote marks. If the password or password phrase change fails for some reason, you are prompted again, up to five times. To get out of the new password or password phrase process, enter a + (plus sign) at the old or new password or password phrase prompt and the logon continues normally, bypassing the password or password phrase change request.
Bypassing Full-Screen Logon
A TSO user with the TSOFSCRN privilege can bypass display of the logon screen. During logon, enter the TSO logon command and specify your logonid and the NFSCREEN keyword, as shown in the following:
logon user01 nfscreen
ACF2validates the logonid and password, you can proceed as if no full-screen authorization exists.
Support for Hard-Copy Devices
The full-screen display is limited to IBM 3270-type display terminals. If you are at a hard-copy terminal and are authorized for full-screen logon, you might see a message similar to the following one printed at the terminal at logon time:
ACF82022 ACF2, THE FOLLOWING KEYWORDS ARE IN EFFECT: logon USER01/USER01 ACCT(4) PROC($PRDISPF) SIZE(01024) UNIT(SYSDA) ACF82021 ACF2, ENTER OVERRIDES OR HIT ENTER TO CONTINUE
You can do one of the following:
- Enter any of the listed operands to change the values in effect. For example, you can change the value of the SIZE operand to 8192K by entering,size(8192)ACF2repeats the logon message but lists any new values.
- Enter operands not already listed to place additional values into effect. For example, you can put the NOMAIL operand into effect by entering,nomailACF2repeats the logon message, listing the newly specified operand and any value it might have.
- Retain the values in effect by pressing the Enter key. You also press the Enter key after changing or adding operands and values as desired.ACF2continues validating your logon request. If the validation is successful, normal TSO logon occurs.
To perform the previously described actions in the first two alternatives, you must have permission to specify the operand that you want to change at logon time.