I know I am repeating myself, but there is a redbook to come out -some day- where we discuss how TDI can be used to synchronize the RACF user definition information (more than just passwords thus) between z/OS and z/VM. The thing causing the delay is the TDI code to implement the sample logic we worked out to control which passwords, RACF group connections etc are synchronized between which z/VM & z/OS systems. We use the new LDAP & RACF levels that became available with z/VM 5.4.
2010/10/10 Leland Lucius <[email protected]> > Scott Rohling wrote: > >> Unless I'm misunderstanding - the z/VM directory password doesn't need to >> be in sync with RACF -- once RACF is installed, the directory passwords are >> irrelevant (except the pw for the RACFVM itself.. which is needed if RACF >> is down so you can login to the RACFVM guest and do recovery). Keeping the >> passwords in a readable format is not secure, so you really don't want the >> actual passwords in the directory. >> >> Yea, I was too deep into the TDI/TIM docs to remember anything about > z/VM. ;-) > > Maybe I should just fiddle around the with the z/VM LDAP server to see if I > can get it working before going down some other crazy path. > > Leland > -- Kris Buelens, IBM Belgium, VM customer support
