LTXF/MVS

LTXF/MVS is designed to enhance the security of TSO/E environments by automatically locking inactive sessions. The architecture centers around intercepting the standard TSO/E termination routines. Instead of the session ending, LTXF/MVS takes control and displays a lock screen, requiring users to re-authenticate.

This prevents unauthorized access to unattended TSO/E sessions. The main components include the interception module, the lock screen display module, and the integration module with z/OS security systems. These components communicate through standard z/OS system calls.

LTXF/MVS integrates with z/OS security systems such as RACF, ACF2, and Top Secret, leveraging standard z/OS SAF calls for user validation. Configuration is managed through a PARMLIB member, allowing administrators to set parameters such as the lock screen timeout interval and the message displayed on the lock screen. LTXF/MVS relies on the underlying z/OS system for encryption services, if configured.

Audit and logging capabilities are provided through integration with z/OS audit and logging facilities. The system authorization facility (SAF) is used for validating user credentials. Competing products may offer similar session locking capabilities, but LTXF/MVS distinguishes itself through its tight integration with z/OS security and its ease of configuration.

It provides a cost-effective solution for enhancing TSO/E security without requiring significant changes to existing applications or infrastructure.