IBM GC28-1920-01 manual DCEUUIDS Class, Signon to, Activating

Page 62
Activating

 

 

database. The mvsexpt utility takes a specified input file or

 

 

registry

for

each

principal specified

and

creates

the

RACF DC

 

 

and

profiles

in

the

 

RACF

general

resource

class,

DCEUUIDS.

For more information on these utilities,OpenEditionseeDCE Administration .Guide

 

Although

you

can

administer

the DCEUUIDS

profiles

using

the

RACF

RDEFINE

and RALTER

commands, it stronglyis

recommendedthat you use the OS/390

 

OpenEdition

DCE utilities.

 

 

 

 

 

 

 

 

 

 

 

 

Attention

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Changing

the

UUID

or

HOMEUUID

fields

in a

user

profile

DCE

segment

RACF commands

(such as ADDUSER, ALTUSER, or DELUSER)

doesnot

 

 

 

update DCEUUIDS class profiles. It is

strongly

recommended

that you

OS/390 OpenEdition DCE utilities to maintain

the

DCE

information

contained

within

RACF.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The OS/390 OpenEdition DCE utilities maintain a file of users that have processed. If you perform subsequent administration, and do not use utilities, the processed entry file might not be accurate. Inaccurac can cause unpredictable results the next time the OpenEdition DCE utili used.

Activating

the

DCEUUIDS Class

Before

OS/390

OpenEdition DCE can use profiles defined to the DCEUUIDS

the security

administrator must activate the class. To activate the DCE

enter:

 

 

SETROPTS CLASSACT(DCEUUIDS)

Single

Signon to

DCE

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RACF

support

for

OS/390 OpenEdition DCE providessinglefor signona

to. DCE

 

 

 

 

 

OS/390 OpenEdition DCE single signon signs an MVS user on to DCE

 

 

 

 

 

automatically

if

that user has already been authenticated by

RACF. To

 

 

signon

to

DCE processing, the

following conditions

must

be

met:

 

 

 

 

 

Ÿ

The

security

administrator

has

requested single

signon

 

to DCE

process

 

 

 

the

user.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Ÿ

The

security

administrator

has

defined

the

DCE

encryption

key.

 

 

 

Ÿ

The

user

is

not currently logged into DCE.

 

 

 

 

 

 

 

 

 

Ÿ

The

user invokes a DCE application.

 

 

 

 

 

 

 

 

 

 

Ÿ

The

user is defined as a DCE principal to the DCE registry.

 

 

 

 

Before

 

OpenEdition DCE

single

signon

support

can

be

invoked

for

an

MVS

us

 

 

the

MVS

 

user must be enrolled for

single

signon

to

DCE. To

enroll:

 

 

 

 

Ÿ

RACF

setup procedures for DCE interoperability must be completed.

 

 

 

Ÿ

A

DCE

 

segment

must be created for the MVS

user

in the RACF user pr

 

 

 

The

user profile DCE segment must contain the user's DCE information.

 

 

Ÿ

The

AUTOLOGIN

value in the user's DCE segment

must be

set

to

YES

to

 

 

 

invoke

single

signon processing. If the value

is

set to

NO,

single

si

 

 

 

DCE

processing

does

not occur.

 

 

 

 

 

 

 

 

 

38

OS/390 V1R2.0

Security

Server

(RACF)

Planning:

Installation and

Migration

 

 

 

 

 

 

 

 

Page 61 Page 63
Image 62
Page 61 Page 63
Contents Place graphic in this area. Outline is keyline only. DO NOT PRINT Security Server RACF Planning Installation and MigrationOS/390 Page Security Server RACF Planning Installation and Migration Second Edition, September 1996. AllPage Page Contents MigrationAuditing Considerations Administration ConsiderationsCustomization Considerations Chapter Operational ConsiderationsIndex 10. ApplicationPage Figures Page Notices Trademarks Who Should Use This Book How to Use ThisAbout This Book xiiiŸ The OS/390 Security Server RACF Information , PackageSK2T-2180 Where to Find More InformationSoftcopy Publications ServerUsing the Administration, H3927Elements of Security RACF Installation - Student GG24-3971Notes Ÿ Tutorial Options for Tuning GG22RACFInternet Sources Other Sources of InformationIBM Discussion Areas listserv@uga.cc.uga.eduPublications To Request Copies ofFeatures OS/390xviii OSA/SF ServiceŸ OpenEditionProduct V2R5TSO/EPage Summary of Changes Page Migration Migration Planning ConsiderationsChapter 1. Planning Customization Considerations Installation ConsiderationsAdministration Considerations Application Development Considerations Auditing ConsiderationsOperational Considerations General User ConsiderationsPage Chapter 2. Release Overview New and Enhanced Supportfunction OS/390 OpenEdition DCEidentifies introduced in OS/390 ReleaseConcepts CheckOS/390 OpenEdition Authorizing and Auditing Server Access to the CCS and WLM ServicesAuditing the Passing of Access Rights SOMobjects for MVSnon-main Multisystem NodesRRSF Network systemsTARGET OS/390 Enable and Disable FunctionsYear classes NetView1.10 Facilityidentifies function Function Not Upgradedupdated for that3. Summary of Components forRelease Class Descriptor Table CDTwhich Commandslists classes thereCommand Chapter 3. Summary of Changes to RACF Components for OS/390 15Releaselists changed Data AreasExits general-use programming interface GUPI data areFigure 12 lists changes MacrosMessages RACF macrosMessages New MessagesChanged Messages RACF Database Split/Merge Utility IRRUT400Routines PanelsPublications Library Figure 13 lists RACF panels that areFigure 16 identifies changes to RACF members of SYS1.SAMPLIB SYS1.SAMPLIBTemplates RACROUTE REQUEST=EXTRACTTemplate UtilitiesFigure 18 lists changes to RACF utilities for OS/390 Release Utility 0280Chapter 4. Planning Considerations OS/390 Security Server RACF Planning Installation and forMigrationRACF Planning Installation and Migrationfor RACF Migration StrategySoftware Requirements RACF Planning Installation and Migrationfor RACF 2.1, andHardware Requirements RACF Migration and Planning for RACFRequirements CompatibilityCompatibility Considerations for Remote Sharing Page Considerations Chapter 5. Installation ConsiderationsEnabling RACF Networksare in your existing workspace data sets when you installationconfigured install multisystem RChapter 5. Installation Considerations29 mustsysname prefixnodename local-luprefix.local-node.local-node .INMSG This section discusses storage considerations for RACF RACF Storage ConsiderationsVirtual Storage Figure 21 estimates RACF virtual storage usage, for planning purposesCustomer Additions to the CDT Subpoolinformation, OS/390see Security Server Templates for RACF onOS/390 Release Systemand IRRSXT00 Chapter 6. Customization ConsiderationsExit Processing Effects of OS/390 OpenEdition DCEIRRSXT00 Installation Exit RACROUTE REQUEST=DEFINE Preprocessing Exit ICHRDX01Cross-Linking Between RACF Users Chapter 7. Administration ConsiderationsServer RACF Security Administrators. Guide signonActivating DCEUUIDS ClassSignon to the DCE Encryption Key single signon restrictionsOpenEditionsee DCE Administration .GuideOS/390 OpenEdition DCE Application Considerations Threads and OpenEdition Planning, and inOS/390 OpenEdition Programming AssemblerLibrary Reference callable servicepthread orsecuritynp Changes to RACF Authorization ProcessingRestrictions Enhancements to the Rdceruid Callable ServiceUtility Chapter 7. Administration Considerations43 SYSMVIEWPage Auditors Guide and OS/390 Chapter 8. Auditing ConsiderationsSMF Records Server RACF MacrosInterfaces ServicesAuditing New OS/390 Report Writer Auditing OS/390 OpenEdition DCE SupportAuditing SystemView for MVS Support SMF Data Unload UtilityPage Chapter 9. Operational Considerations CommandOS/390 Security Server RACF Command Language Referencefor more Enabling and DisablingPage Servers Chapter 10. Application Development Considerations2000 Support 01yydddFNew Application Services and Security pthread the securitynpChanges to the Class Descriptor Table ServiceNew Application Authorization Programming InterfacesŸ “Macros” on page Ÿ “Templates” on page Ÿ “Utilities” on page Ÿ “Routines” on pageOpenEdition Chapter 11. General UserConsiderations Reference forPage OW08457 Chapter 12. NJE ConsiderationsAPAR OW14451 After Applying the PTFUACC Actions RequiredOW08457 NODESFAILSAFE APAR OW15408GROUP Page Nodes Chapter 13. ScenariosMigrating an Existing RRSFprefixTARGET NODEORLANDO DELETE prefixTARGET NODEMIAMI2 SYSNAMESYSTEM2 LOCAL OPERATIVEOn MIAMI2 prefixTARGET NODEMIAMI2 DELETEDELETE RACF DiagnosisOn ORLANDO prefixTARGET NODEORLANDO OPERATIVE PREFIX... PROTOCOL... WORKSPACE Note Thedirection Glossaryaccess Page programming Seegeneral-use programmingSeeinventory Seelogical Seemultisystemlogical other.single-system supervisorytask segment andDFP Index A classes continuedcontinued Page KEYSMSTR SERVERSFSCMD utilitiescontinued Page Edition OS/390 Security Server RACF Information IBM Now you can! TheIBM Online Library Productivity Page Page Communicating Your Comments to IBM commentsPublication No. GC28-1920-01 Readers Comments - Wed Like to Hear from YouOS/390 Security Server RACF Planning Installation and Migration Note CopiesBUSINESS MAILREPLY IBMPage GC28-192ð-ð1 IBMDrop in Back Cover Image Here
Top Page Image Contents