Chapter 7. Administration Considerations


This chapter summarizes the changes to administration procedures that administrators should be aware of. For more information, see OS/390 Security Server (RACF) Security Administrator's Guide.

OS/390 OpenEdition DCE

The interoperation of RACF with OS/390 OpenEdition DCE enables DCE application servers on MVS to map a DCE user (principal) identity to a RACF user ID. The mapping of a DCE principal to a RACF user ID is known as cross-linking.

The cross-linking information contained in the RACF database can be use

• OS/390 OpenEdition DCE, for determining which MVS users are eligible
OS/390 OpenEdition DCE single signon to DCE

• Application servers residing on OS/390, to determine the RACF user I
clients. For more information on application servers and their use of cross-linking contained in RACF, see “OS/390 OpenEdition DCE Application Considerations” on page 39.

To support the cross-linking and single signon to DCE features, RACF provides:

• The DCE segment for the RACF user profile

• The DCEUUIDS general resource class

The DCE segment, defined to the RACF user profile, associates a DCE
with the RACF user profile. See Figure 17 on page 20 for the contents
segment.

The DCEUUIDS general resource class contains the cross-linking informatio
each RACF/DCE user. Profiles defined to the RACF DCEUUIDS class associ
DCE principal with a RACF user ID on a particular system that is par
cell.

The security administrator must work with the DCE administrator to def
profiles to support the cross-linking and single signon to DCE features.

Cross-Linking Between RACF Users and DCE Principals

Profiles in the DCEUUIDS class establish a cross-link between a DCE p
UUID and a RACF user ID. Two OpenEdition DCE utilities administer DCE
information in the RACF database and create the initial cross-link info
between the RACF user profile and the DCE principal registry:

mvsimpt is a two-pass utility that creates DCE principal entries in t
registry for the set of RACF users chosen to be cross-linked
the output from the RACF database unload utility. The unloaded
database is sorted by the administrator according to RACF u
a RACF DCE segment and filtered by the utility according to
entries from previous mvsimpt and mvsexpt processing.

mvsexpt is a two-pass utility that populates a RACF database with in
a set of DCE principals. It creates and updates the RACF DC
segment for each DCE principal being cross-linked with the RACF

Copyright IBM Corp. 1994, 1996

37

IBM GC28-1920-01 manual Administration Considerations, Cross-Linking Between RACF Users, signon, OS/390 OpenEdition DCE