On Thu, 12 Mar 2009 10:33:10 -0400, Lou, Jim <[email protected]> wrote: >We are considering the use of PASSWORD ENVELOPE in order to allow RACF >EVENT NOTIFICATION to LDAP. It seems that unless the use of password >envelope is enabled then LDAP will not be told of any password changes.
Generally one would use password enveloping in order to allow secure transport of a user's changed password from one z/OS system to another (typically not z/OS) system. So I'm a little curious about your wanting it simply for event notification. What do you plan to do once you detect that the event has happened? In any case, I suggest that the RACF-L mailing list is perhaps more appropriate for that question, as you'll get at least a wider audience of IBMers knowledgeable on that topic over there, and probably the same or a larger set of knowledgeable non-IBMers, too. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
