Would you expand on your question a bit, Steve. I assume you mean Kerberos KDC. Does AD mean Active Directory (Microsoft) in the context of your question? Basically, if you could draw a mental picture, that would be helpful.
To take a guess at your question, I think there are a fair number of places where identity management is used to grant and revoke user credentials within the mainframe security systems. But very typically the mainframe security system remains responsible for authenticating and authorizing user access to various mainframe-hosted resources, and often to various resources outside the mainframe as well. (The "boss" security hub, basically.) There are myriad reasons for that, but fundamentally the mainframe-hosted resources are typically extremely high business value, and mainframe security systems are exceptionally, even uniquely, strong and well-proven, assuming competent management of course. So in most environments there's a push to use the mainframe as a security "hub," extending its reach to encompass other resources (information, applications) in standards-compliant ways. There are various ways to do that, but I'll stop there in case I'm headed in the wrong direction with that background. - - - - - Timothy Sipples IBM Consulting Enterprise Software Architect Specializing in Software Architectures Related to System z Based in Tokyo, Serving IBM Japan and IBM Asia-Pacific E-Mail: [EMAIL PROTECTED] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
