On Tue, 7 Feb 2017 12:35:10 -0800, Ed Jaffe <[email protected]> wrote:
>Any notion of extending to 32 characters would be sheer folly. That >would require changes to the three major security products, z/OS >subsystems, ISV products, customer code, etc. It would never get done. >Never, ever... RACF (and presumably the other security products if they're properly maintaining RACF compatibility) already support mapping long identities into 8-character user IDs. Think, for example, of scenarios such as a user's tn3270e client presenting a digital certificate to the server over SSL/TLS and getting logged on to an application such as TSO/E, CICS, etc. automatically without further action on the user's part. In theory, similar supported located at the "edge" between z/OS and network apps would also allow mapping from a 32-character Linux ID to an 8-character z/OS ID, without user action. It's not a perfect solution for what gil wants to see, but it would solve a lot of compatibility issues without requiring all the applications to change. Only the security products. z/OS also provides functions, today, that applications can use for something similar: z/OS Enerprise Identity Mapping. For more about that you can see its Guide and Reference: http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/eima1170/CCONTENTS?SHELF=all13be9&DN=SA22-7875-09&DT=20100617152016 or http://preview.tinyurl.com/znostgd ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
