Chapter 7. Administration Considerations
This chapter summarizes the changes to administration procedures that administrator should be aware of. For more information,OS/390 Securitysee
Server (RACF) Security Administrator's. Guide
OS/390 OpenEdition DCE
The | interoperation of RACF with OS/390 OpenEdition DCE enables DCE | |||||||
application servers | on | MVS | to map a | DCE | user(principal)identoitya RACF | user | ||
ID. The mapping | of | a | DCE | principal | to | a RACF usercrossID | ||
The | information | contained | in | the RACF database | can be use | |||
ŸOS/390 OpenEdition DCE, for determining which MVS users are eligible
OS/390 OpenEdition DCE single signon to DCE
ŸApplication servers residing on OS/390, to determine the RACF user I clients. For more information on application servers and their use of
To support crossthe
Ÿ The DCE segment for the RACF user profile
ŸThe DCEUUIDS general resource class
The | DCE segment, | defined | to the | RACF | user profile, | associates | a | DCE | |||||||
with | the | RACF | user profile. See Figure 17 | on | page 20 | for | the | contents | |||||||
segment. |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The | DCEUUIDS | general | resource | class | contains | the | |||||||||
each | RACF/DCE | user. Profiles defined to the | RACF DCEUUIDS | class | associ | ||||||||||
DCE principal | with | a | RACF | user | ID | on | a particular system | that | is | par | |||||
cell. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The | security | administrator must work with the DCE administrator | to | def | |||||||||||
profiles | to | signon | to | DCEfeatures. |
|
|
| ||||||||
|
| and | DCE | Principals |
|
|
| |||||
Profiles in the DCEUUIDS class establish a | ||||||||||||
UUID and a RACF user ID. Two OpenEdition DCE utilities administer DCE | ||||||||||||
information | in | the | RACF | database and create the initial | ||||||||
between the | RACF | user | profile and the DCE principal registry: | |||||||||
mvsimpt | is | a | utility | that | creates | DCE principal entries in t | ||||||
| registry for |
| the | set of | RACF | users | chosen to be | |||||
| the output from the RACF database unload utility. The unloaded | |||||||||||
| database | is |
| sorted | by the administrator according to RACF u | |||||||
| a RACF DCE segment and | filtered by the utility according to | ||||||||||
| entries | from | previous | mvsimpt | and mvsexpt processing. | |||||||
mvsexpt | is | a | utility that populates a RACF database with in | |||||||||
| a | set | of | DCE | principals. It creates and updates the RACF DC | |||||||
| segment | for | each | DCE | principal | being | ||||||
Copyright IBM Corp. 1994, | 1996 |
|
|
|
|
|
|
|
|
|
| 37 |