ŸThe MVS user must have saved the current DCE password in the RACF
segment by invoking thestorepwDCE | command. | ||||
Note: Users still need | to | maintain | their passwords for RACF and Ope | ||
DCE separately, | and | must | use | storepwthe DCE to keep the DCE | |
password that | is | stored | in | RACF current. | |
Single signon supportnotisintended to be used by application servers. Sin signon support should be enabled only for end users. For more informat
single signon restrictionsOpenEditionsee DCE Administration .Guide
Specifying | the DCE Encryption Key |
|
|
|
|
|
|
|
|
|
| ||
The RACF KEYSMSTR class is a general resource class that contains the |
| ||||||||||||
DCE.PASSWORD.KEY | profile. This | profile | holds the encryption key that is u | ||||||||||
for encrypting and decrypting a | user's DCE password for use in OpenE | ||||||||||||
single signon support. The profile | defined | to | the | KEYSMSTR | class | contains | |||||||
SSIGNON | segment | that holds | either | the masked or encrypted value for |
| ||||||||
is used to encrypt DCE passwords | stored in the RACF database. Befor | ||||||||||||
OS/390 | user can save a DCE password | in | the | RACF database | or | before | |||||||
single | signon | feature can | be used, | the | security | administrator | must | d | |||||
to the KEYSMSTR class that defines | the | encryption | key, | and | activate | t | |||||||
KEYSMSTR | class. |
|
|
|
|
|
|
|
|
|
|
|
|
If a cryptographic product is present on the system, the security specify the KEYENCRYPTED
OS/390 OpenEdition DCE Application Considerations
OS/390 OpenEdition has two fundamental types of application servers:
ŸMultithreaded applications
Ÿ Single threaded applications
A multithreadedapplication has multiple sequential flows of control. In th application, more than one unit of work at a time is processed by application.
A single threadedapplication has one sequential flow of control. In this application, one unit of work is processed at a time by the applica
OS/390 OpenEdition provides an S/390 assembler callable | service and | suppo | ||||||||
through the C runtime library. This supportunau horizedenablesmultithreaded |
|
|
| |||||||
applications to create and delete a RACF ACEE in a | fashion | that | is | me | ||||||
controlled by the MVS OpenEdition kernel and RACF.unauthorizedThe term |
|
|
|
| ||||||
refers | to applications | that | are not | and do | not | run | in | |||
or in | a system | storage | protection | key. |
|
|
|
|
| |
The pthread_security_np | service | enables | multithreaded | applications | to | cust | ||||
the security environment of a thread, meaning that the thread can e
different RACF identity than the server. pthreadThe _usesecurityofnp the |
| ||||
callable s000000000 the C runtime librarypthread security_np() | API | requires |
| ||
administration | by the security | administrator. Administrative consideratio | |||
MVS OpenEdition | pthread_security_np | callable service | are | discussedOS/390 | in |
Chapter 7. Administration Considerations39
