Yes. You need the pam_ldap module with some small modifications to give it a NDS-like search context concept. pam_krb4 and pam_krb5 also work against the z/OS Kerberos implementation. It's one of the things in the single-sign on paper I promised back in Dec (yes, I still remember who asked for it), and finally have enough cycles to actually finish it up.
Keep in mind that LDAP is *not* optimized for performance on *any* platform -- z/OS is better than most, but LDAP is a complicated protocol and may be much more effective as a resource locator for a different authentication mechanism (like Kerberos or the X.509 GSI support in the Globus toolkit). -- db ----- Original Message ----- From: "Jim Elliott" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, March 18, 2002 12:27 PM Subject: Authentication on Linux using PAM to a z/OS RACF server > In theory, you should be able to use PAM to provide Linux authentication > and resource contol through to the LDAP server that is part of the z/OS > Security Server (nee RACF). Has anyone done this or does anyone have an > idea as to where to start? > > Regards, Jim Elliott >
