Paul Gilmartin writes: >Of course, "turn on" implies commiting the CPU (micro)cycles to peform >the encryption.
Yes it does. Google and Microsoft (to pick two examples) made the resource commitment years ago, when computing power cost a lot more, and their customers are far more secure. Training airline pilots costs money, too. Putting seat belts in automobiles costs money. Testing a new pharmaceutical costs money. >And, again, is that "LDAP" an LDAP client or an LDAP server. If IT >management has decreed that IDs should be managed via LDAP >hosted on, e.g., a Linux server, z/OS needs not an LDAP server but >an LDAP client in order to play well with others. With such a decision >a fait accompli, that management will be little moved by arguments >of the technical superiority of Tivoli. It's called Tivoli Directory Server for z/OS. Granted, software names aren't always perfect, but server means server. But yes, it also includes an LDAP client. I'll quote from IBM redbook SG24-7849: "The IBM Tivoli Directory Server for z/OS deliverable that ships with the base of z/OS provides a Version 3 LDAP client and server. The z/OS LDAP client contains C APIs and command line utilities used to add, delete, modify, rename, compare, and search entries in an LDAP directory." C APIs are, of course, callable from practically anything -- COBOL, Java, PL/I, Assembler, etc. (There are additional middleware options if you don't even want to do that.) So yes, your z/OS-based applications can access some/any other LDAP V3 server(s) for their authentication and/or authorization needs if that's the way your IT department wants to roll, via exits and/or directly. And that's base z/OS -- every z/OS licensee has that capability today, even if you don't have the z/OS Security Server (RACF). Here's the link to the redbook for more information: http://www.redbooks.ibm.com/redbooks/pdfs/sg247849.pdf You can also use Java as your LDAP client environment on z/OS if you prefer. Java (the IBM SDK) is also a no additional charge feature of base z/OS, and you can use JNDI methods to access LDAP servers (including the Tivoli Directory Server for z/OS). -------------------------------------------------------------------------------------------------------- Timothy Sipples Resident Enterprise Architect (Based in Singapore) E-Mail: [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
