internal-option If this is set to 1 or yes, DCAS is invoked internally rather than using a DCAS listener


Default: no
Values: Yes, Y, 1, No, N, 0


When Express Login Facility (ELF) is used with TN3270, and the TN3270 client triggers ELF processing by sending a client certificate during connection establishment and subsequently including an ELF token in the input data stream, the TN3270 listener must make a request to the Digital Certificate Authentication Service (DCAS). In Enterprise Server 5.0 and earlier, it was necessary to define a DCAS listener in the enterprise server region to provide this service. Beginning with Enterprise Server 6.0, the TN3270 listener can instead invoke DCAS directly, without requiring that a listener be defined. This is known as internal DCAS.

We encourage those who use DCAS only for ELF to use internal DCAS. This prevents any possible security issues with having a DCAS listener potentially exposed to hostile clients.

Normally, DCAS is configured using the DCAS listener. When internal DCAS is used, the DCAS configuration can be supplied in the configuration area for the TN3270 listener by prefixing each DCAS section name with "DCAS". For example:

[DCAS Operation]
allowed formats=1
check user authorization=yes

[DCAS Certificate]
certificate directory=/path/to/registration/files

[DCAS Tracing]

When internal DCAS is used, the name option in the [DCAS] configuration section has no effect.