I have gotten this to work using DB2 with Native authentication.  This
allows you to use DB2 for everything except the password.  The only thing I
don't like about it is you have to have a RACF id associated with every
entry in your LDAP database.  In effect you have two repositories.  Of
course once created they are managed as one, but you have to ensure that
creation and deletion of ids happens in both places.

Frank J. De Gilio
Complex Solution Architect
IBM Design Center for e-transaction processing
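Frank's point about keeping the two repositories in step can be checked mechanically. This added example (not from the thread or from IBM) reconciles a constructed LDIF export against a constructed set of RACF user ids and reports entries with no RACF id, entries whose RACF id does not exist, and RACF ids with no LDAP entry; it assumes the RACF user id is stored in an attribute named ibm-nativeId.

```python
# Reconcile an LDAP user export against RACF user ids.  Constructed sample
# data; the attribute name ibm-nativeId is an assumption here.
import re

# Constructed LDIF export of the LDAP user subtree (not from a real system).
LDIF_EXPORT = """\
dn: uid=alice,ou=users,o=example
uid: alice
ibm-nativeId: ALICE01

dn: uid=bob,ou=users,o=example
uid: bob
ibm-nativeId: BOB02

dn: uid=carol,ou=users,o=example
uid: carol
"""
# Constructed set of RACF user ids (e.g. from a RACF database unload).
RACF_USERIDS = {"ALICE01", "BOB01", "DAVE01"}

def parse_ldif(text):
    """Return {dn: {attr_lower: [values]}} for each LDIF record."""
    records = {}
    text = re.sub(r"\n ", "", text)  # unfold LDIF continuation lines
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        dn = attrs.pop("dn", [None])[0]
        if dn:
            records[dn] = attrs
    return records

def reconcile(ldif_text, racf_ids):
    """Classify mismatches between LDAP entries and RACF user ids."""
    racf_ids = {r.upper() for r in racf_ids}
    no_native_id, dangling, used = [], [], set()
    for dn, attrs in sorted(parse_ldif(ldif_text).items()):
        ids = attrs.get("ibm-nativeid")
        if not ids:
            no_native_id.append(dn)  # no RACF id: native bind cannot succeed
            continue
        used.add(ids[0].upper())
        if ids[0].upper() not in racf_ids:
            dangling.append(dn)  # RACF id deleted or never created
    return {"no_native_id": no_native_id, "dangling": dangling,
            "orphan_racf": sorted(racf_ids - used)}  # RACF ids with no entry
```

Running `reconcile(LDIF_EXPORT, RACF_USERIDS)` on the sample flags carol (no RACF id), bob (RACF id BOB02 does not exist) and the unused RACF ids BOB01 and DAVE01.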



From: Carlos Ordonez/Poughkeepsie/IBM@IBMUS
Sent by: Linux on 390 Port <[EMAIL PROTECTED]T.EDU>
Date: 03/19/2002 07:56 AM
Please respond to: Linux on 390 Port
To: [EMAIL PROTECTED]
cc:
Subject: Re: Authentication on Linux using PAM to a z/OS RACF server



Jim, we have successfully accessed LDAP / DB2 (OS/390) from Linux for S/390
using PAM LDAP for authentication.  If you use RACF, as far as I
understand, you can only have 1 profile for root. This is not good because
if you break the one password you have access to all the roots of a penguin
farm running under VM. Using LDAP/DB2 (OS/390) gives you the security of
OS/390 for your depository and takes away the restriction. Carlos :-)





Carlos A. Ordonez
IBM Corporation
Server Consolidation



From: Jim Elliott <[EMAIL PROTECTED]et.ibm.com>
Sent by: Linux on 390 Port <[EMAIL PROTECTED]>
Date: 03/18/2002 12:27 PM
Please respond to: Linux on 390 Port
To: [EMAIL PROTECTED]
cc:
Subject: Authentication on Linux using PAM to a z/OS RACF server

In theory, you should be able to use PAM to provide Linux authentication
and resource control through to the LDAP server that is part of the z/OS
Security Server (née RACF). Has anyone done this or does anyone have an
idea as to where to start?

Regards, Jim Elliott
