IBM z/OS V2R2: Security

Book Description

This IBM® Redbooks® publication helps you to become familiar with the technical changes that were introduced to the security areas with IBM z/OS® V2R2.
The following chapters are included:

- Chapter 1, “RACF updates”: In this chapter, we describe the read-only auditor attribute, password security enhancements, RACDCERT (granular certificate administration), UNIX search authority, and RACF remote sharing facility (RRSF).

- Chapter 2, “LDAP updates”: In this chapter, we describe the activity log enhancements, compatibility level upgrade without LDAP outage, dynamic group performance enhancements, and replication of password policy attributes from a read-only replica.

- Chapter 3, “PKI updates”: In this chapter, we describe the Network Authentication Service (KERBEROS) PKINIT, PKI NxM authorization, PKI OCSP enhancement, and RACDCERT (granular certificate administration).

- Chapter 4, “z/OS UNIX search and file execution authority”: In this chapter, we describe z/OS UNIX search authority and z/OS UNIX file execution, and give examples for the use of the new functions.

This book is one of a series of IBM Redbooks that take a modular approach to providing information about the updates that are included with z/OS V2R2. This approach has the following goals:

- Provide modular content
- Group the technical changes into a topic
- Provide a more streamlined way of finding relevant information that is based on the topic

We hope you find this approach useful and we welcome your feedback.

Table of Contents

  1. Front cover
  2. Notices
    1. Trademarks
  3. IBM Redbooks promotions
  4. Preface
    1. Authors
    2. Now you can become a published author, too!
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  5. Chapter 1. RACF updates
    1. 1.1 IBM Resource Access Control Facility
    2. 1.2 Read-only auditor attribute
    3. 1.3 Password security enhancements
      1. 1.3.1 Default password removal for ADDUSER
      2. 1.3.2 ICHDEX01 default change
      3. 1.3.3 Password phrase support for RACLINK
      4. 1.3.4 Default change for Health Check
    4. 1.4 RACDCERT - Granular certificate administration
    5. 1.5 UNIX search authority
      1. 1.5.1 Directory search
      2. 1.5.2 File running
    6. 1.6 RACF remote sharing facility
      1. 1.6.1 RRSF dynamic MAIN switching
      2. 1.6.2 RACF – RRSF unidirectional connections
  6. Chapter 2. LDAP updates
    1. 2.1 Activity log enhancements
      1. 2.1.1 Configuration file
    2. 2.2 Compatibility level upgrade without LDAP outage
      1. 2.2.1 New display commands
      2. 2.2.2 Migration and coexistence
    3. 2.3 Dynamic group performance enhancements
      1. 2.3.1 Dynamic group suggestions
    4. 2.4 Replication of password policy attributes from a read-only replica
      1. 2.4.1 Migration and coexistence
      2. 2.4.2 Benefit and value
  7. Chapter 3. PKI updates
    1. 3.1 Network Authentication Service PKINIT
    2. 3.2 PKI NxM authorization
    3. 3.3 PKI OCSP enhancement
      1. 3.3.1 Usage and invocation
    4. 3.4 RACDCERT - Granular certificate administration
      1. 3.4.1 Example 1: One profile for one function
      2. 3.4.2 Example 2: One profile for multiple functions
  8. Chapter 4. z/OS UNIX search and file execution authority
    1. 4.1 z/OS UNIX search authority
      1. 4.1.1 New UNIXPRIV profile
    2. 4.2 z/OS UNIX file execution
      1. 4.2.1 New class FSEXEC
    3. 4.3 Examples for the use of the new functions
      1. 4.3.1 Allowing a user to read entries in a UNIX directory and find entries
      2. 4.3.2 Controlling file execution
  9. Related publications
    1. IBM Redbooks
    2. Other publications
    3. Help from IBM
  10. Back cover