IBM GC28-1920-01 manual Concepts, Check

Page 31

OS/390	OpenEdition	DCE single signon support uses to sign in an authentica
OS/390	user to	DCE.

The RACF support for OS/390 OpenEdition DCE includes:

Ÿ

The

DCE

segment, which contains

DCE information associated with a RAC

user

Ÿ

The

KEYSMSTR

class,

which holds a key to encrypt the DCE password

Ÿ

The

DCEUUIDS

class,

which

is

used

to

define

the

mapping between

RACF

user

ID

and

the corresponding DCE principal UUID

Ÿ

Callable

services

that:

–

Check

a

user's

authority to

a

RACF

resource

–

Set

or

retrieve

fields

from

a

user profile

DCE

segment

–

Set or retrieve a DCE password

–

Determine

the

identity

of

a

DCE client

ŸEnhancements to RACF commands to allow users to create, update and

display information in the DCE user profile segment:

–ADDUSER

–ALTUSER

–LISTUSER

Ÿ Enhancements to RACF utilities:

– SMF data unload utility

–Database unload utility

–Remove ID utility

Ÿ	Enhancements	to	the ACEE		to	identify		a	DCE	client
Ÿ	Enhancements	to	RACF	ISPF	panels		for	the	DCE	user profile	segment
OS/390 OpenEdition			DCE	provides		two	utilities		to	administer DCE	information

the RACF database and to create cross-linking information between the database and the DCE principal registry:

ŸMVSIMPT

ŸMVSEXPT

For more information on these utilities,OpenEditionseeDCE Administration .Guide

RACF interoperation with DCE requires the following software:

Ÿ	OpenEdition/MVS Release 3 (HOM1130) plus					APAR OW15865
Ÿ	C	Run	Time	Library	(JMWL550) plus APAR PN75309
To	enhance the security of DCE passwords					stored in the RACF databas
might		want	to	use an	encryption product.	You are encouraged to consi
the IBM Integrated Cryptographic Service						Facility (ICSF) Version 1 R
your MVS operating system. This product provides DES encryption-level
protection.
For an overview of DCE technology and terminology,DCE: Understandingsee							the
Concepts.

Chapter 2. Release Overview7

Image 31

Contents OS/390 Security Server RACF Planning Installation and MigrationPlace graphic in this area. Outline is keyline only. DO NOT PRINT Page OS/390 1996. All Second Edition, SeptemberPage Page Migration ContentsCustomization Considerations Administration ConsiderationsAuditing Considerations 10. Application Operational ConsiderationsIndex ChapterPage Figures Page Notices Trademarks xiii How to Use ThisAbout This Book Who Should Use This BookServer Where to Find More InformationSoftcopy Publications Ÿ The OS/390 Security Server RACF Information , PackageSK2T-2180Ÿ Tutorial Options for Tuning GG22RACF Administration, H3927Elements of Security RACF Installation - Student GG24-3971Notes Using thelistserv@uga.cc.uga.edu Other Sources of InformationIBM Discussion Areas Internet SourcesTo Request Copies of Publicationsxviii OS/390Features V2R5TSO/E ServiceŸ OpenEditionProduct OSA/SFPage Summary of Changes Page Chapter 1. Planning Migration Planning ConsiderationsMigration Administration Considerations Installation ConsiderationsCustomization Considerations General User Considerations Auditing ConsiderationsOperational Considerations Application Development ConsiderationsPage New and Enhanced Support Chapter 2. Release Overviewintroduced in OS/390 Release OS/390 OpenEdition DCEidentifies functionCheck ConceptsSOMobjects for MVS Authorizing and Auditing Server Access to the CCS and WLM ServicesAuditing the Passing of Access Rights OS/390 OpenEditionsystems Multisystem NodesRRSF Network non-mainYear OS/390 Enable and Disable FunctionsTARGET Facility NetView1.10 classesthat Function Not Upgradedupdated for identifies functionClass Descriptor Table CDT Components forRelease 3. Summary ofthere Commandslists classes whichChapter 3. Summary of Changes to RACF Components for OS/390 15Release Commandgeneral-use programming interface GUPI data are Data AreasExits lists changedRACF macros MacrosMessages Figure 12 lists changesRACF Database Split/Merge Utility IRRUT400 New MessagesChanged Messages MessagesFigure 13 lists RACF panels that are PanelsPublications Library RoutinesRACROUTE REQUEST=EXTRACT SYS1.SAMPLIBTemplates Figure 16 identifies changes to RACF members of SYS1.SAMPLIBFigure 18 lists changes to RACF utilities for OS/390 Release UtilitiesTemplate 0280 UtilityMigration Strategy OS/390 Security Server RACF Planning Installation and forMigrationRACF Planning Installation and Migrationfor RACF Chapter 4. Planning ConsiderationsRACF Migration and Planning for RACF RACF Planning Installation and Migrationfor RACF 2.1, andHardware Requirements Software RequirementsCompatibility Considerations for Remote Sharing CompatibilityRequirements Page Networks Chapter 5. Installation ConsiderationsEnabling RACF Considerationsinstall multisystem R installationconfigured are in your existing workspace data sets when youmust Chapter 5. Installation Considerations29local-lu prefixnodename sysnameprefix.local-node.local-node .INMSG Figure 21 estimates RACF virtual storage usage, for planning purposes RACF Storage ConsiderationsVirtual Storage This section discusses storage considerations for RACFSubpool Customer Additions to the CDTSystem Templates for RACF onOS/390 Release information, OS/390see Security ServerEffects of OS/390 OpenEdition DCE Chapter 6. Customization ConsiderationsExit Processing and IRRSXT00RACROUTE REQUEST=DEFINE Preprocessing Exit ICHRDX01 IRRSXT00 Installation Exitsignon Chapter 7. Administration ConsiderationsServer RACF Security Administrators. Guide Cross-Linking Between RACF UsersSignon to DCEUUIDS ClassActivating OS/390 OpenEdition DCE Application Considerations single signon restrictionsOpenEditionsee DCE Administration .Guidethe DCE Encryption Key Library Reference OpenEdition Planning, and inOS/390 OpenEdition Programming AssemblerThreads and Restrictions Changes to RACF Authorization Processingcallable servicepthread orsecuritynp Utility Rdceruid Callable ServiceEnhancements to the SYSMVIEW Chapter 7. Administration Considerations43Page Server RACF Macros Chapter 8. Auditing ConsiderationsSMF Records Auditors Guide and OS/390Auditing New OS/390 ServicesInterfaces SMF Data Unload Utility Auditing OS/390 OpenEdition DCE SupportAuditing SystemView for MVS Support Report WriterPage Enabling and Disabling CommandOS/390 Security Server RACF Command Language Referencefor more Chapter 9. Operational ConsiderationsPage 01yydddF Chapter 10. Application Development Considerations2000 Support Serverspthread the securitynp New Application Services and SecurityProgramming Interfaces ServiceNew Application Authorization Changes to the Class Descriptor TableŸ “Routines” on page Ÿ “Macros” on page Ÿ “Templates” on page Ÿ “Utilities” on pageReference for Chapter 11. General UserConsiderations OpenEditionPage After Applying the PTF Chapter 12. NJE ConsiderationsAPAR OW14451 OW08457NODES Actions RequiredOW08457 UACCGROUP APAR OW15408FAILSAFE Page RRSF Chapter 13. ScenariosMigrating an Existing NodesprefixTARGET NODEMIAMI2 DELETE prefixTARGET NODEMIAMI2 SYSNAMESYSTEM2 LOCAL OPERATIVEOn MIAMI2 prefixTARGET NODEORLANDO DELETEOn ORLANDO RACF DiagnosisDELETE Note The prefixTARGET NODEORLANDO OPERATIVE PREFIX... PROTOCOL... WORKSPACEaccess Glossarydirection Page Seeinventory Seegeneral-use programmingprogramming Seemultisystem Seelogicallogical supervisory other.single-systemtask segment andDFP classes continued Index Acontinued Page SFSCMD SERVERKEYSMSTR utilitiescontinued Page Now you can! TheIBM Online Library Productivity IBM Edition OS/390 Security Server RACF Information Page Page comments Communicating Your Comments to IBMNote Copies Readers Comments - Wed Like to Hear from YouOS/390 Security Server RACF Planning Installation and Migration Publication No. GC28-1920-01IBM MAILREPLY BUSINESSPage Drop in Back Cover Image Here IBMGC28-192ð-ð1