DCEUUIDS Class, Signon to, Activating | IBM GC28-1920-01 specification

Activating

database. The mvsexpt utility takes a specified input file or

registry

for

each

principal specified

and

creates

the

RACF DC

and

profiles

in

the

RACF

general

resource

class,

DCEUUIDS.

For more information on these utilities,OpenEditionseeDCE Administration .Guide

Although

you

can

administer

the DCEUUIDS

profiles

using

the

RACF

RDEFINE

and RALTER

commands, it stronglyis

recommendedthat you use the OS/390

OpenEdition

DCE utilities.

Attention

Changing

the

UUID

or

HOMEUUID

fields

in a

user

profile

DCE

segment

RACF commands

(such as ADDUSER, ALTUSER, or DELUSER)

doesnot

update DCEUUIDS class profiles. It is

strongly

recommended

that you

OS/390 OpenEdition DCE utilities to maintain

the

DCE

information

contained

within

RACF.

The OS/390 OpenEdition DCE utilities maintain a file of users that have processed. If you perform subsequent administration, and do not use utilities, the processed entry file might not be accurate. Inaccurac can cause unpredictable results the next time the OpenEdition DCE utili used.

Activating	the	DCEUUIDS Class
Before	OS/390	OpenEdition DCE can use profiles defined to the DCEUUIDS
the security		administrator must activate the class. To activate the DCE
enter:
SETROPTS CLASSACT(DCEUUIDS)

Single

Signon to

DCE

RACF

support

for

OS/390 OpenEdition DCE providessinglefor signona

to. DCE

OS/390 OpenEdition DCE single signon signs an MVS user on to DCE

automatically

if

that user has already been authenticated by

RACF. To

signon

to

DCE processing, the

following conditions

must

be

met:

Ÿ

The

security

administrator

has

requested single

signon

to DCE

process

the

user.

Ÿ

The

security

administrator

has

defined

the

DCE

encryption

key.

Ÿ

The

user

is

not currently logged into DCE.

Ÿ

The

user invokes a DCE application.

Ÿ

The

user is defined as a DCE principal to the DCE registry.

Before

OpenEdition DCE

single

signon

support

can

be

invoked

for

an

MVS

us

the

MVS

user must be enrolled for

single

signon

to

DCE. To

enroll:

Ÿ

RACF

setup procedures for DCE interoperability must be completed.

Ÿ

A

DCE

segment

must be created for the MVS

user

in the RACF user pr

The

user profile DCE segment must contain the user's DCE information.

Ÿ

The

AUTOLOGIN

value in the user's DCE segment

must be

set

to

YES

to

invoke

single

signon processing. If the value

is

set to

NO,

single

si

DCE

processing

does

not occur.

38

OS/390 V1R2.0

Security

Server

(RACF)

Planning:

Installation and

Migration

Image 62

IBM GC28-1920-01 manual DCEUUIDS Class, Signon to, Activating

Contents

Place graphic in this area. Outline is keyline only. DO NOT PRINT Security Server RACF Planning Installation and MigrationOS/390 Page Security Server RACF Planning Installation and Migration Second Edition, September 1996. AllPage Page Contents Migration Auditing Considerations Administration ConsiderationsCustomization Considerations Chapter Operational ConsiderationsIndex 10. ApplicationPage Figures Page Notices Trademarks Who Should Use This Book How to Use ThisAbout This Book xiii Ÿ The OS/390 Security Server RACF Information , PackageSK2T-2180 Where to Find More InformationSoftcopy Publications Server Using the Administration, H3927Elements of Security RACF Installation - Student GG24-3971Notes Ÿ Tutorial Options for Tuning GG22RACF Internet Sources Other Sources of InformationIBM Discussion Areas listserv@uga.cc.uga.edu Publications To Request Copies of Features OS/390xviii OSA/SF ServiceŸ OpenEditionProduct V2R5TSO/EPage Summary of Changes Page Migration Migration Planning ConsiderationsChapter 1. Planning Customization Considerations Installation ConsiderationsAdministration Considerations Application Development Considerations Auditing ConsiderationsOperational Considerations General User ConsiderationsPage Chapter 2. Release Overview New and Enhanced Support function OS/390 OpenEdition DCEidentifies introduced in OS/390 Release Concepts Check OS/390 OpenEdition Authorizing and Auditing Server Access to the CCS and WLM ServicesAuditing the Passing of Access Rights SOMobjects for MVS non-main Multisystem NodesRRSF Network systems TARGET OS/390 Enable and Disable FunctionsYear classes NetView1.10 Facility identifies function Function Not Upgradedupdated for that 3. Summary of Components forRelease Class Descriptor Table CDT which Commandslists classes there Command Chapter 3. Summary of Changes to RACF Components for OS/390 15Release lists changed Data AreasExits general-use programming interface GUPI data are Figure 12 lists changes MacrosMessages RACF macros Messages New MessagesChanged Messages RACF Database Split/Merge Utility IRRUT400 Routines PanelsPublications Library Figure 13 lists RACF panels that are Figure 16 identifies changes to RACF members of SYS1.SAMPLIB SYS1.SAMPLIBTemplates RACROUTE REQUEST=EXTRACT Template UtilitiesFigure 18 lists changes to RACF utilities for OS/390 Release Utility 0280 Chapter 4. Planning Considerations OS/390 Security Server RACF Planning Installation and forMigrationRACF Planning Installation and Migrationfor RACF Migration Strategy Software Requirements RACF Planning Installation and Migrationfor RACF 2.1, andHardware Requirements RACF Migration and Planning for RACF Requirements CompatibilityCompatibility Considerations for Remote Sharing Page Considerations Chapter 5. Installation ConsiderationsEnabling RACF Networks are in your existing workspace data sets when you installationconfigured install multisystem R Chapter 5. Installation Considerations29 must sysname prefixnodename local-lu prefix.local-node.local-node .INMSG This section discusses storage considerations for RACF RACF Storage ConsiderationsVirtual Storage Figure 21 estimates RACF virtual storage usage, for planning purposes Customer Additions to the CDT Subpool information, OS/390see Security Server Templates for RACF onOS/390 Release System and IRRSXT00 Chapter 6. Customization ConsiderationsExit Processing Effects of OS/390 OpenEdition DCE IRRSXT00 Installation Exit RACROUTE REQUEST=DEFINE Preprocessing Exit ICHRDX01 Cross-Linking Between RACF Users Chapter 7. Administration ConsiderationsServer RACF Security Administrators. Guide signon Activating DCEUUIDS ClassSignon to the DCE Encryption Key single signon restrictionsOpenEditionsee DCE Administration .GuideOS/390 OpenEdition DCE Application Considerations Threads and OpenEdition Planning, and inOS/390 OpenEdition Programming AssemblerLibrary Reference callable servicepthread orsecuritynp Changes to RACF Authorization ProcessingRestrictions Enhancements to the Rdceruid Callable ServiceUtility Chapter 7. Administration Considerations43 SYSMVIEWPage Auditors Guide and OS/390 Chapter 8. Auditing ConsiderationsSMF Records Server RACF Macros Interfaces ServicesAuditing New OS/390 Report Writer Auditing OS/390 OpenEdition DCE SupportAuditing SystemView for MVS Support SMF Data Unload UtilityPage Chapter 9. Operational Considerations CommandOS/390 Security Server RACF Command Language Referencefor more Enabling and DisablingPage Servers Chapter 10. Application Development Considerations2000 Support 01yydddF New Application Services and Security pthread the securitynp Changes to the Class Descriptor Table ServiceNew Application Authorization Programming Interfaces Ÿ “Macros” on page Ÿ “Templates” on page Ÿ “Utilities” on page Ÿ “Routines” on page OpenEdition Chapter 11. General UserConsiderations Reference forPage OW08457 Chapter 12. NJE ConsiderationsAPAR OW14451 After Applying the PTF UACC Actions RequiredOW08457 NODES FAILSAFE APAR OW15408GROUP Page Nodes Chapter 13. ScenariosMigrating an Existing RRSF prefixTARGET NODEORLANDO DELETE prefixTARGET NODEMIAMI2 SYSNAMESYSTEM2 LOCAL OPERATIVEOn MIAMI2 prefixTARGET NODEMIAMI2 DELETE DELETE RACF DiagnosisOn ORLANDO prefixTARGET NODEORLANDO OPERATIVE PREFIX... PROTOCOL... WORKSPACE Note The direction Glossaryaccess Page programming Seegeneral-use programmingSeeinventory Seelogical Seemultisystem logical other.single-system supervisory task segment andDFP Index A classes continued continued Page KEYSMSTR SERVERSFSCMD utilitiescontinued Page Edition OS/390 Security Server RACF Information IBM Now you can! TheIBM Online Library Productivity Page Page Communicating Your Comments to IBM comments Publication No. GC28-1920-01 Readers Comments - Wed Like to Hear from YouOS/390 Security Server RACF Planning Installation and Migration Note Copies BUSINESS MAILREPLY IBMPage GC28-192ð-ð1 IBMDrop in Back Cover Image Here