Book description
The ABCs of IBM® z/OS® System Programming is an 11-volume collection that provides an introduction to the z/OS operating system and the hardware architecture. Whether you are a beginner or an experienced system programmer, the ABCs collection provides the information that you need to start your research into z/OS and related subjects. If you want to become more familiar with z/OS in your current environment or if you are evaluating platforms to consolidate your e-business applications, the ABCs collection can serve as a powerful technical tool.
Following are the contents of the volumes:
Volume 1: Introduction to z/OS and storage concepts, TSO/E,
ISPF, JCL, SDSF, and z/OS delivery and installation
Volume 2: z/OS implementation and daily maintenance, defining
subsystems, JES2 and JES3, LPA, LNKLST, authorized libraries, IBM
Language Environment®, and SMP/E
Volume 3: Introduction to DFSMS, data set basics, storage
management hardware and software, VSAM, System-managed storage,
catalogs, and DFSMStvs
Volume 4: Communication Server, TCP/IP, and IBM
VTAM®
Volume 5: Base and IBM Parallel Sysplex®, System Logger,
Resource Recovery Services (RRS), global resource serialization
(GRS), z/OS system operations, automatic restart management (ARM),
and IBM Geographically Dispersed Parallel Sysplex™ (IBM
GDPS®)
Volume 6: Introduction to security, IBM RACF®, digital
certificates and public key infrastructure (PKI), Kerberos,
cryptography and IBM z9® integrated cryptography, Lightweight
Directory Access Protocol (LDAP), and Enterprise Identity Mapping
(EIM)
Volume 7: Printing in a z/OS environment, Infoprint Server, and
Infoprint Central
Volume 8: An introduction to z/OS problem diagnosis
Volume 9: z/OS UNIX System Services
Volume 10: Introduction to IBM z/Architecture®, IBM System
z® processor design, System z connectivity, logical partition
(LPAR) concepts, hardware configuration definition (HCD), and
Hardware Management Console (HMC)
Volume 11: Capacity planning, performance management, Workload Manager (WLM), IBM Resource Measurement Facility™ (RMF™), and System Management Facilities (SMF)
Table of contents
- Front cover
- Notices
- Preface
- Chapter 1. Introduction to z/OS security
-
Chapter 2. z/OS Security Server RACF
- 2.1 What is RACF?
- 2.2 RACF functions
- 2.3 RACF ISPF panel
- 2.4 RACF profiles
- 2.5 RACF commands
- 2.6 User authentication
- 2.7 Resource managers
- 2.8 System Authorization Facility (SAF)
- 2.9 RACF classes
- 2.10 Security administration with RACF
- 2.11 RACF user identification and verification
- 2.12 RACF user profile
- 2.13 RACF user attributes
- 2.14 RACF user segments
- 2.15 RACF user ID and password
- 2.16 Adding a new user to RACF
- 2.17 Reset a user password
- 2.18 Alter a user ID
- 2.19 Change a user’s password interval
- 2.20 Delete a user ID
- 2.21 User related RACF commands
- 2.22 RACF groups
- 2.23 RACF group structure example
- 2.24 RACF group related commands: Add a group
- 2.25 RACF group related commands: Alter a group
- 2.26 RACF group related commands: Delete a group
- 2.27 Connect a user to a group
- 2.28 Remove a user from a group
- 2.29 Data sets and general resources
- 2.30 Data sets and general resources
- 2.31 Data set profiles
- 2.32 Defining data set profiles
- 2.33 Data set profile access list
- 2.34 Add a data set profile
- 2.35 Alter a data set profile
- 2.36 Search RACF database using a mask
- 2.37 Data set related commands
- 2.38 Data set related commands
- 2.39 General resources related commands
- 2.40 General resources related commands
- 2.41 General resources related commands
- 2.42 SET RACF system options
- 2.43 Statistic related options
- 2.44 Password related options
- 2.45 Data set related options
- 2.46 Class related options
- 2.47 Authorization checking related options
- 2.48 Tape related options
- 2.49 RVARYPW and other options for initial setup
- 2.50 Auditor related options(1)
- 2.51 Auditor related options(2)
- 2.52 SETROPTS: Display options (LIST)
- 2.53 RACF monitoring
- 2.54 RACF monitoring
- 2.55 RACF monitoring
- 2.56 RACF auditing tools
- 2.57 RACF auditing - IRRADU00
- 2.58 RACF auditing
- 2.59 RACF auditing
- 2.60 RACF auditing
- 2.61 RACF auditing - DSMON
- 2.62 RACF auditing
- 2.63 RACF auditing
- 2.64 RACF auditing - IRRDBU00
-
Chapter 3. Digital certificates and PKI
- 3.1 The authentication problem
- 3.2 Overview of digital certificate
- 3.3 The public key cryptography trust model
- 3.4 Elements of PKI in z/OS
- 3.5 The PKIX standards
- 3.6 The RSA public key cryptography standards (PKCS)
- 3.7 The PKCS-10 certificate request
- 3.8 The X.509 certificate
- 3.9 X.509 certificate revocation list
- 3.10 X.509 V3 certificate: Standard extensions
- 3.11 Contents of the digital certificate
- 3.12 Browser certificates
- 3.13 Server certificates
- 3.14 z/OS PKI services architecture
- 3.15 Get PKI up and running
- 3.16 Setting up RACF environment for PKI prerequisites
- 3.17 Add RACF groups for PKI services
- 3.18 RACF for PKI Services
- 3.19 Prepare and configure the UNIX System Services environment
- 3.20 Setting up the Web servers for PKI
- 3.21 Setting up the LDAP server for PKI
- 3.22 Setting up the PKI Services task
- 3.23 Configure OCSF and OCEP to work with PKI Services
- 3.24 Configure the PKI Services
- 3.25 PKI exit
- 3.26 Test for scenario one
- 3.27 Starting and stopping PKI Services
-
Chapter 4. Kerberos
- 4.1 Introduction to Kerberos
- 4.2 Kerberos terminology
- 4.3 Kerberos protocol overview
- 4.4 Get a ticket-granting ticket
- 4.5 Request a service ticket
- 4.6 Authenticate to target server
- 4.7 Kerberos inter-realm trust relationship
- 4.8 Some assumptions to Kerberos
- 4.9 Implementing Network Authentication Service
- 4.10 Setting up the Kerberos environment variable files
- 4.11 Setting up HFS for Kerberos cache files
- 4.12 Kerberos integrated with RACF
- 4.13 Define Kerberos local principals
- 4.14 Define Kerberos foreign principals
- 4.15 Kerberos user commands
- 4.16 Auditing
-
Chapter 5. Cryptographic Services
- 5.1 Introduction to cryptography
- 5.2 Cryptographic capabilities
- 5.3 Symmetric and asymmetric encryption algorithms
- 5.4 Symmetric encryption algorithms
- 5.5 Asymmetric encryption algorithms
- 5.6 Use of cryptosystems: Data privacy
- 5.7 Use of cryptosystems: Data integrity
- 5.8 Use of cryptosystems: Digital signatures
- 5.9 IBM Common Cryptographic Architecture
- 5.10 IBM System z9: Cryptographic overview
- 5.11 CP Assist for Cryptographic Functions (CPACF)
- 5.12 Crypto Express 2 feature
- 5.13 PCIXCC hardware overview
- 5.14 PCIXCC software overview
- 5.15 DES key management
- 5.16 DES encryption
- 5.17 DES key forms
- 5.18 Key distribution: Key export
- 5.19 Key distribution: Key import
- 5.20 PKA key management
- 5.21 ICSF
-
Chapter 6. LDAP
- 6.1 What is LDAP
- 6.2 What is a directory service
- 6.3 LDAP directory structure
- 6.4 How LDAP works
- 6.5 LDAP functional model
- 6.6 LDAP servers on z/OS (Integrated Security Server LDAPplus IBM Tivoli Directory Server)
- 6.7 LDAP server back ends
- 6.8 Capabilities of the Tivoli Directory Server LDAP server (1/2)
- 6.9 Capabilities of the Tivoli Directory Server LDAP server (2/2)
- 6.10 LDAP configuration by utility
- 6.11 Utility ldapcnf restrictions
- 6.12 Utility dsconfig restrictions
- 6.13 Utility invocation and outputs
- 6.14 Configuration roles and responsibilities
- 6.15 The LDAP schema
- 6.16 Schema attribute types
- 6.17 LDAP directory schema
- 6.18 Authentication with an LDAP server
- 6.19 LDAP authentication with RACF
- 6.20 z/OS LDAP server native authentication
- 6.21 Enabling LDAP native authentication
- 6.22 Native authentication configuration options
- 6.23 More native authentication configuration options
- 6.24 LDAP server-side Kerberos bind
- 6.25 LDAP Kerberos configuration
- 6.26 LDAP Kerberos directory schema
- 6.27 LDAP Kerberos: Mapping algorithms
- 6.28 LDAP Kerberos: LDBM and TDBM mapping
- 6.29 Configuring access control
- 6.30 How to set up a Kerberos directory
- 6.31 Access control lists
- 6.32 Access evaluation
- 6.33 Managing ACLs
- 6.34 Running the LDAP server in z/OS
- 6.35 Referrals and replication
- 6.36 LDAP change logging
-
Chapter 7. EIM
- 7.1 Overview of EIM
- 7.2 EIM concepts
- 7.3 Setting up EIM in z/OS
- 7.4 Installing and configuring EIM on z/OS
- 7.5 Domain authentication methods
- 7.6 EIM additional administration tasks
- 7.7 RACF support for EIM
- 7.8 Storing LDAP binding information in a profile
- 7.9 Setting up a registry name for your local RACF registry
- Related publications
- Back cover
-
IBM System x Reference Architecture for Hadoop: IBM InfoSphere BigInsights Reference Architecture
- Introduction
- Business problem and business value
- Reference architecture use
- Requirements
- InfoSphere BigInsights predefined configuration
- InfoSphere BigInsights HBase predefined configuration
- Deployment considerations
- Customizing the predefined configurations
- Predefined configuration bill of materials
- References
- The team who wrote this paper
- Now you can become a published author, too!
- Stay connected to IBM Redbooks
- Notices
Product information
- Title: ABCs of IBM z/OS System Programming Volume 6
- Author(s):
- Release date: August 2014
- Publisher(s): IBM Redbooks
- ISBN: None
You might also like
book
ABCs of IBM z/OS System Programming Volume 3
Abstract The ABCs of IBM z/OS® System Programming is a 13-volume collection that provides an introduction …
book
ABCs of IBM z/OS System Programming Volume 2
Abstract The ABCs of IBM® z/OS® System Programming is a 13-volume collection that provides an introduction …
book
ABCs of IBM z/OS System Programming Volume 1
Abstract The ABCs of IBM® z/OS® System Programming is a 13-volume collection that provides an introduction …
book
ABCs of IBM z/OS System Programming Volume 1
The ABCs of IBM® z/OS® System Programming is a 13-volume collection that provides an introduction to …