Concepts, Check | IBM GC28-1920-01 instruction

OS/390	OpenEdition	DCE single signon support uses to sign in an authentica
OS/390	user to	DCE.

The RACF support for OS/390 OpenEdition DCE includes:

Ÿ

The

DCE

segment, which contains

DCE information associated with a RAC

user

Ÿ

The

KEYSMSTR

class,

which holds a key to encrypt the DCE password

Ÿ

The

DCEUUIDS

class,

which

is

used

to

define

the

mapping between

RACF

user

ID

and

the corresponding DCE principal UUID

Ÿ

Callable

services

that:

–

Check

a

user's

authority to

a

RACF

resource

–

Set

or

retrieve

fields

from

a

user profile

DCE

segment

–

Set or retrieve a DCE password

–

Determine

the

identity

of

a

DCE client

ŸEnhancements to RACF commands to allow users to create, update and

display information in the DCE user profile segment:

–ADDUSER

–ALTUSER

–LISTUSER

Ÿ Enhancements to RACF utilities:

– SMF data unload utility

–Database unload utility

–Remove ID utility

Ÿ	Enhancements	to	the ACEE		to	identify		a	DCE	client
Ÿ	Enhancements	to	RACF	ISPF	panels		for	the	DCE	user profile	segment
OS/390 OpenEdition			DCE	provides		two	utilities		to	administer DCE	information

the RACF database and to create cross-linking information between the database and the DCE principal registry:

ŸMVSIMPT

ŸMVSEXPT

For more information on these utilities,OpenEditionseeDCE Administration .Guide

RACF interoperation with DCE requires the following software:

Ÿ	OpenEdition/MVS Release 3 (HOM1130) plus					APAR OW15865
Ÿ	C	Run	Time	Library	(JMWL550) plus APAR PN75309
To	enhance the security of DCE passwords					stored in the RACF databas
might		want	to	use an	encryption product.	You are encouraged to consi
the IBM Integrated Cryptographic Service						Facility (ICSF) Version 1 R
your MVS operating system. This product provides DES encryption-level
protection.
For an overview of DCE technology and terminology,DCE: Understandingsee							the
Concepts.

Chapter 2. Release Overview7

Image 31

IBM GC28-1920-01 manual Concepts, Check

Contents

OS/390 Security Server RACF Planning Installation and MigrationPlace graphic in this area. Outline is keyline only. DO NOT PRINT Page OS/390 1996. All Second Edition, SeptemberPage Page Migration Contents Customization Considerations Administration ConsiderationsAuditing Considerations 10. Application Operational ConsiderationsIndex ChapterPage Figures Page Notices Trademarks xiii How to Use ThisAbout This Book Who Should Use This Book Server Where to Find More InformationSoftcopy Publications Ÿ The OS/390 Security Server RACF Information , PackageSK2T-2180 Ÿ Tutorial Options for Tuning GG22RACF Administration, H3927Elements of Security RACF Installation - Student GG24-3971Notes Using the listserv@uga.cc.uga.edu Other Sources of InformationIBM Discussion Areas Internet Sources To Request Copies of Publications xviii OS/390Features V2R5TSO/E ServiceŸ OpenEditionProduct OSA/SFPage Summary of Changes Page Chapter 1. Planning Migration Planning ConsiderationsMigration Administration Considerations Installation ConsiderationsCustomization Considerations General User Considerations Auditing ConsiderationsOperational Considerations Application Development ConsiderationsPage New and Enhanced Support Chapter 2. Release Overview introduced in OS/390 Release OS/390 OpenEdition DCEidentifies function Check Concepts SOMobjects for MVS Authorizing and Auditing Server Access to the CCS and WLM ServicesAuditing the Passing of Access Rights OS/390 OpenEdition systems Multisystem NodesRRSF Network non-main Year OS/390 Enable and Disable FunctionsTARGET Facility NetView1.10 classes that Function Not Upgradedupdated for identifies function Class Descriptor Table CDT Components forRelease 3. Summary of there Commandslists classes which Chapter 3. Summary of Changes to RACF Components for OS/390 15Release Command general-use programming interface GUPI data are Data AreasExits lists changed RACF macros MacrosMessages Figure 12 lists changes RACF Database Split/Merge Utility IRRUT400 New MessagesChanged Messages Messages Figure 13 lists RACF panels that are PanelsPublications Library Routines RACROUTE REQUEST=EXTRACT SYS1.SAMPLIBTemplates Figure 16 identifies changes to RACF members of SYS1.SAMPLIB Figure 18 lists changes to RACF utilities for OS/390 Release UtilitiesTemplate 0280 Utility Migration Strategy OS/390 Security Server RACF Planning Installation and forMigrationRACF Planning Installation and Migrationfor RACF Chapter 4. Planning Considerations RACF Migration and Planning for RACF RACF Planning Installation and Migrationfor RACF 2.1, andHardware Requirements Software Requirements Compatibility Considerations for Remote Sharing CompatibilityRequirements Page Networks Chapter 5. Installation ConsiderationsEnabling RACF Considerations install multisystem R installationconfigured are in your existing workspace data sets when you must Chapter 5. Installation Considerations29 local-lu prefixnodename sysname prefix.local-node.local-node .INMSG Figure 21 estimates RACF virtual storage usage, for planning purposes RACF Storage ConsiderationsVirtual Storage This section discusses storage considerations for RACF Subpool Customer Additions to the CDT System Templates for RACF onOS/390 Release information, OS/390see Security Server Effects of OS/390 OpenEdition DCE Chapter 6. Customization ConsiderationsExit Processing and IRRSXT00 RACROUTE REQUEST=DEFINE Preprocessing Exit ICHRDX01 IRRSXT00 Installation Exit signon Chapter 7. Administration ConsiderationsServer RACF Security Administrators. Guide Cross-Linking Between RACF Users Signon to DCEUUIDS ClassActivating OS/390 OpenEdition DCE Application Considerations single signon restrictionsOpenEditionsee DCE Administration .Guidethe DCE Encryption Key Library Reference OpenEdition Planning, and inOS/390 OpenEdition Programming AssemblerThreads and Restrictions Changes to RACF Authorization Processingcallable servicepthread orsecuritynp Utility Rdceruid Callable ServiceEnhancements to the SYSMVIEW Chapter 7. Administration Considerations43Page Server RACF Macros Chapter 8. Auditing ConsiderationsSMF Records Auditors Guide and OS/390 Auditing New OS/390 ServicesInterfaces SMF Data Unload Utility Auditing OS/390 OpenEdition DCE SupportAuditing SystemView for MVS Support Report WriterPage Enabling and Disabling CommandOS/390 Security Server RACF Command Language Referencefor more Chapter 9. Operational ConsiderationsPage 01yydddF Chapter 10. Application Development Considerations2000 Support Servers pthread the securitynp New Application Services and Security Programming Interfaces ServiceNew Application Authorization Changes to the Class Descriptor Table Ÿ “Routines” on page Ÿ “Macros” on page Ÿ “Templates” on page Ÿ “Utilities” on page Reference for Chapter 11. General UserConsiderations OpenEditionPage After Applying the PTF Chapter 12. NJE ConsiderationsAPAR OW14451 OW08457 NODES Actions RequiredOW08457 UACC GROUP APAR OW15408FAILSAFE Page RRSF Chapter 13. ScenariosMigrating an Existing Nodes prefixTARGET NODEMIAMI2 DELETE prefixTARGET NODEMIAMI2 SYSNAMESYSTEM2 LOCAL OPERATIVEOn MIAMI2 prefixTARGET NODEORLANDO DELETE On ORLANDO RACF DiagnosisDELETE Note The prefixTARGET NODEORLANDO OPERATIVE PREFIX... PROTOCOL... WORKSPACE access Glossarydirection Page Seeinventory Seegeneral-use programmingprogramming Seemultisystem Seelogical logical supervisory other.single-system task segment andDFP classes continued Index A continued Page SFSCMD SERVERKEYSMSTR utilitiescontinued Page Now you can! TheIBM Online Library Productivity IBM Edition OS/390 Security Server RACF Information Page Page comments Communicating Your Comments to IBM Note Copies Readers Comments - Wed Like to Hear from YouOS/390 Security Server RACF Planning Installation and Migration Publication No. GC28-1920-01 IBM MAILREPLY BUSINESSPage Drop in Back Cover Image Here IBMGC28-192ð-ð1