The following message is a courtesy copy of an article
that has been posted to bit.listserv.ibm-main as well.

[EMAIL PROTECTED] (McKown, John) writes:
> But on the off chance that I'm wrong, I will ask anyway. We use
> Windows as our desktop OS <blech>. One "nice" thing about it is that
> when we go to a restricted internal IIS web site, we are automagically
> "logged on" to the web site via the Active Directory "trust" mechanism
> (as I vaguely understand it). Is there any way to extend this so that
> when a user goes to our z/OS HTTP web server, they can be
> automagically logged on to their corresponding z/OS RACF id? We do use
> RACF on z/OS. We don't have any money for this, so a product (unless
> it is 100% free-as-in-beer and 100% supported) is out of the
> question. Yes, this is really a whine from the Windows people again
> about how "unfriendly" z/OS is. I wonder if they whine about our Linux
> and Solaris servers as well?

can you say kerberos? ... 

some windows references:
http://technet2.microsoft.com/windowsserver/en/library/b748fb3f-dbf0-4b01-9b22-be14a8b4ae101033.mspx
http://www.microsoft.com/windowsserver2003/technologies/security/kerberos/default.mspx

some ibm references
http://www.redbooks.ibm.com/abstracts/sg246540.html?Open
http://publib.boulder.ibm.com/infocenter/dzichelp/v2r2/topic/com.ibm.db29.doc.admin/db2z_establishkerberosthruracf.htm
http://www-03.ibm.com/servers/eserver/zseries/zos/racf/pdf/share_03_2001_racf_kerberos_windows.pdf
http://www-03.ibm.com/servers/eserver/zseries/zos/racf/kmigrate.html

and then there is stuff like:

IBM CICS RACF Security and Microsoft Windows Server 2003 Security 
http://technet.microsoft.com/en-us/library/bb463146.aspx

kerberos was originally developed at MIT's Project Athena ... and then
became internet standard (GSS) ... and has been adopted by quite a
few infrastructures for authentication interoperability

... from my rfc index
http://www.garlic.com/~lynn/rfcietff.htm

select "Term (term->RFC#)" in the "RFCs listed by" section,
and then select "GSS" in "Acronym fastpath" ... i.e.

generic security service  (GSS)
 see also network services , security
 5021 4768 4757 4752 4559 4557 4556 4537 4462 4430 4402 4401 4178 4121
 4120 3962 3961 3645 3244 3129 2942 2853 2744 2743 2712 2623 2479 2478
 2203 2078 2025 1964 1961 1510 1509 1508 1411

...

selecting RFC number brings up the corresponding summary in the lower
frame ... i.e.

5021 PS
 Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges
 over TCP, Josefsson S., 2007/08/17 (7pp) (.txt=13431) (Updates 4120)
 (Refs 4120) (was draft-ietf-krb-wg-tcp-expansion-02.txt)

...

and selecting the ".txt=nnn" field (in rfc summary) retrieves the
actual RFC.

misc. past posts mentioning kerberos and/or pk-init
http://www.garlic.com/~lynn/subpubkey.html#kerberos

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
