ABCs of IBM z/OS System Programming Volume 6

Book Description

The ABCs of IBM® z/OS® System Programming is an 11-volume collection that provides an introduction to the z/OS operating system and the hardware architecture. Whether you are a beginner or an experienced system programmer, the ABCs collection provides the information that you need to start your research into z/OS and related subjects. If you want to become more familiar with z/OS in your current environment or if you are evaluating platforms to consolidate your e-business applications, the ABCs collection can serve as a powerful technical tool.

Following are the contents of the volumes:

  • Volume 1: Introduction to z/OS and storage concepts, TSO/E, ISPF, JCL, SDSF, and z/OS delivery and installation

  • Volume 2: z/OS implementation and daily maintenance, defining subsystems, JES2 and JES3, LPA, LNKLST, authorized libraries, IBM Language Environment®, and SMP/E

  • Volume 3: Introduction to DFSMS, data set basics, storage management hardware and software, VSAM, System-managed storage, catalogs, and DFSMStvs

  • Volume 4: Communication Server, TCP/IP, and IBM VTAM®

  • Volume 5: Base and IBM Parallel Sysplex®, System Logger, Resource Recovery Services (RRS), global resource serialization (GRS), z/OS system operations, automatic restart management (ARM), and IBM Geographically Dispersed Parallel Sysplex™ (IBM GDPS®)

  • Volume 6: Introduction to security, IBM RACF®, digital certificates and public key infrastructure (PKI), Kerberos, cryptography and IBM z9® integrated cryptography, Lightweight Directory Access Protocol (LDAP), and Enterprise Identity Mapping (EIM)

  • Volume 7: Printing in a z/OS environment, Infoprint Server, and Infoprint Central

  • Volume 8: An introduction to z/OS problem diagnosis

  • Volume 9: z/OS UNIX System Services

  • Volume 10: Introduction to IBM z/Architecture®, IBM System z® processor design, System z connectivity, logical partition (LPAR) concepts, hardware configuration definition (HCD), and Hardware Management Console (HMC)

  • Volume 11: Capacity planning, performance management, Workload Manager (WLM), IBM Resource Measurement Facility™ (RMF™), and System Management Facilities (SMF)

Table of Contents

    1. Front cover
    2. Notices
      1. Trademarks
    3. Preface
      1. The team that wrote this book
      2. Become a published author
      3. Comments welcome
    4. Chapter 1. Introduction to z/OS security
      1. 1.1 z/OS basic security facilities
      2. 1.2 z/OS Security Server Components
      3. 1.3 Integrated Security Services components
      4. 1.4 Cryptographic Services
    5. Chapter 2. z/OS Security Server RACF
      1. 2.1 What is RACF?
      2. 2.2 RACF functions
      3. 2.3 RACF ISPF panel
      4. 2.4 RACF profiles
      5. 2.5 RACF commands
      6. 2.6 User authentication
      7. 2.7 Resource managers
      8. 2.8 System Authorization Facility (SAF)
      9. 2.9 RACF classes
      10. 2.10 Security administration with RACF
      11. 2.11 RACF user identification and verification
      12. 2.12 RACF user profile
      13. 2.13 RACF user attributes
      14. 2.14 RACF user segments
      15. 2.15 RACF user ID and password
      16. 2.16 Adding a new user to RACF
      17. 2.17 Reset a user password
      18. 2.18 Alter a user ID
      19. 2.19 Change a user’s password interval
      20. 2.20 Delete a user ID
      21. 2.21 User related RACF commands
      22. 2.22 RACF groups
      23. 2.23 RACF group structure example
      24. 2.24 RACF group related commands: Add a group
      25. 2.25 RACF group related commands: Alter a group
      26. 2.26 RACF group related commands: Delete a group
      27. 2.27 Connect a user to a group
      28. 2.28 Remove a user from a group
      29. 2.29 Data sets and general resources
      30. 2.30 Data sets and general resources
      31. 2.31 Data set profiles
      32. 2.32 Defining data set profiles
      33. 2.33 Data set profile access list
      34. 2.34 Add a data set profile
      35. 2.35 Alter a data set profile
      36. 2.36 Search RACF database using a mask
      37. 2.37 Data set related commands
      38. 2.38 Data set related commands
      39. 2.39 General resources related commands
      40. 2.40 General resources related commands
      41. 2.41 General resources related commands
      42. 2.42 SET RACF system options
      43. 2.43 Statistic related options
      44. 2.44 Password related options
      45. 2.45 Data set related options
      46. 2.46 Class related options
      47. 2.47 Authorization checking related options
      48. 2.48 Tape related options
      49. 2.49 RVARYPW and other options for initial setup
      50. 2.50 Auditor related options (1)
      51. 2.51 Auditor related options (2)
      52. 2.52 SETROPTS: Display options (LIST)
      53. 2.53 RACF monitoring
      54. 2.54 RACF monitoring
      55. 2.55 RACF monitoring
      56. 2.56 RACF auditing tools
      57. 2.57 RACF auditing - IRRADU00
      58. 2.58 RACF auditing
      59. 2.59 RACF auditing
      60. 2.60 RACF auditing
      61. 2.61 RACF auditing - DSMON
      62. 2.62 RACF auditing
      63. 2.63 RACF auditing
      64. 2.64 RACF auditing - IRRDBU00
    6. Chapter 3. Digital certificates and PKI
      1. 3.1 The authentication problem
      2. 3.2 Overview of digital certificate
      3. 3.3 The public key cryptography trust model
      4. 3.4 Elements of PKI in z/OS
      5. 3.5 The PKIX standards
      6. 3.6 The RSA public key cryptography standards (PKCS)
      7. 3.7 The PKCS-10 certificate request
      8. 3.8 The X.509 certificate
      9. 3.9 X.509 certificate revocation list
      10. 3.10 X.509 V3 certificate: Standard extensions
      11. 3.11 Contents of the digital certificate
      12. 3.12 Browser certificates
      13. 3.13 Server certificates
      14. 3.14 z/OS PKI services architecture
      15. 3.15 Get PKI up and running
      16. 3.16 Setting up RACF environment for PKI prerequisites
      17. 3.17 Add RACF groups for PKI services
      18. 3.18 RACF for PKI Services
      19. 3.19 Prepare and configure the UNIX System Services environment
      20. 3.20 Setting up the Web servers for PKI
      21. 3.21 Setting up the LDAP server for PKI
      22. 3.22 Setting up the PKI Services task
      23. 3.23 Configure OCSF and OCEP to work with PKI Services
      24. 3.24 Configure the PKI Services
      25. 3.25 PKI exit
      26. 3.26 Test for scenario one
      27. 3.27 Starting and stopping PKI Services
    7. Chapter 4. Kerberos
      1. 4.1 Introduction to Kerberos
      2. 4.2 Kerberos terminology
      3. 4.3 Kerberos protocol overview
      4. 4.4 Get a ticket-granting ticket
      5. 4.5 Request a service ticket
      6. 4.6 Authenticate to target server
      7. 4.7 Kerberos inter-realm trust relationship
      8. 4.8 Some assumptions to Kerberos
      9. 4.9 Implementing Network Authentication Service
      10. 4.10 Setting up the Kerberos environment variable files
      11. 4.11 Setting up HFS for Kerberos cache files
      12. 4.12 Kerberos integrated with RACF
      13. 4.13 Define Kerberos local principals
      14. 4.14 Define Kerberos foreign principals
      15. 4.15 Kerberos user commands
      16. 4.16 Auditing
    8. Chapter 5. Cryptographic Services
      1. 5.1 Introduction to cryptography
      2. 5.2 Cryptographic capabilities
      3. 5.3 Symmetric and asymmetric encryption algorithms
      4. 5.4 Symmetric encryption algorithms
      5. 5.5 Asymmetric encryption algorithms
      6. 5.6 Use of cryptosystems: Data privacy
      7. 5.7 Use of cryptosystems: Data integrity
      8. 5.8 Use of cryptosystems: Digital signatures
      9. 5.9 IBM Common Cryptographic Architecture
      10. 5.10 IBM System z9: Cryptographic overview
      11. 5.11 CP Assist for Cryptographic Functions (CPACF)
      12. 5.12 Crypto Express 2 feature
      13. 5.13 PCIXCC hardware overview
      14. 5.14 PCIXCC software overview
      15. 5.15 DES key management
      16. 5.16 DES encryption
      17. 5.17 DES key forms
      18. 5.18 Key distribution: Key export
      19. 5.19 Key distribution: Key import
      20. 5.20 PKA key management
      21. 5.21 ICSF
    9. Chapter 6. LDAP
      1. 6.1 What is LDAP
      2. 6.2 What is a directory service
      3. 6.3 LDAP directory structure
      4. 6.4 How LDAP works
      5. 6.5 LDAP functional model
      6. 6.6 LDAP servers on z/OS (Integrated Security Server LDAP plus IBM Tivoli Directory Server)
      7. 6.7 LDAP server back ends
      8. 6.8 Capabilities of the Tivoli Directory Server LDAP server (1/2)
      9. 6.9 Capabilities of the Tivoli Directory Server LDAP server (2/2)
      10. 6.10 LDAP configuration by utility
      11. 6.11 Utility ldapcnf restrictions
      12. 6.12 Utility dsconfig restrictions
      13. 6.13 Utility invocation and outputs
      14. 6.14 Configuration roles and responsibilities
      15. 6.15 The LDAP schema
      16. 6.16 Schema attribute types
      17. 6.17 LDAP directory schema
      18. 6.18 Authentication with an LDAP server
      19. 6.19 LDAP authentication with RACF
      20. 6.20 z/OS LDAP server native authentication
      21. 6.21 Enabling LDAP native authentication
      22. 6.22 Native authentication configuration options
      23. 6.23 More native authentication configuration options
      24. 6.24 LDAP server-side Kerberos bind
      25. 6.25 LDAP Kerberos configuration
      26. 6.26 LDAP Kerberos directory schema
      27. 6.27 LDAP Kerberos: Mapping algorithms
      28. 6.28 LDAP Kerberos: LDBM and TDBM mapping
      29. 6.29 Configuring access control
      30. 6.30 How to set up a Kerberos directory
      31. 6.31 Access control lists
      32. 6.32 Access evaluation
      33. 6.33 Managing ACLs
      34. 6.34 Running the LDAP server in z/OS
      35. 6.35 Referrals and replication
      36. 6.36 LDAP change logging
    10. Chapter 7. EIM
      1. 7.1 Overview of EIM
      2. 7.2 EIM concepts
      3. 7.3 Setting up EIM in z/OS
      4. 7.4 Installing and configuring EIM on z/OS
      5. 7.5 Domain authentication methods
      6. 7.6 EIM additional administration tasks
      7. 7.7 RACF support for EIM
      8. 7.8 Storing LDAP binding information in a profile
      9. 7.9 Setting up a registry name for your local RACF registry
    11. Related publications
      1. IBM Redbooks publications
      2. Other publications
      3. How to get IBM Redbooks publications
    12. Back cover
    13. IBM System x Reference Architecture for Hadoop: IBM InfoSphere BigInsights Reference Architecture
      1. Introduction
      2. Business problem and business value
      3. Reference architecture use
      4. Requirements
      5. InfoSphere BigInsights predefined configuration
      6. InfoSphere BigInsights HBase predefined configuration
      7. Deployment considerations
      8. Customizing the predefined configurations
      9. Predefined configuration bill of materials
      10. References
      11. The team who wrote this paper
      12. Now you can become a published author, too!
      13. Stay connected to IBM Redbooks
    14. Notices
      1. Trademarks