That sounds like it could be helpful. We have CA's LDAP server running to
go against the ACF2 database, and IBM's LDAP server for WebSphere. I would
have to assume that if one can go against the IBM LDAP server backed with
DB2/RACF database, it should be relatively simple to massage that to go
against the CA LDAP server and authenticate things there.
I would greatly appreciate any information you might have on how to
implement that in the RACF/IBM LDAP world. I think we could bridge the
rest.
Also, just to let you know in case the listserv message missed you:
PAV Volumes as root volume in a Ficon+switch to shark do not IPL. However,
they DO work in the file system. I am using them as swap and as the tree
under /var at the moment.
Are there any utilities to copy a tree like copytree for s/390? I have to
give the one volume back so I'd like to move the /var tree to /var2,
unmount the volume and rename /var2 to /var without losing any symbolic
links.

Carlos Ordonez <[EMAIL PROTECTED]om>
Sent by: Linux on 390 Port <[EMAIL PROTECTED]IST.EDU>
03/19/2002 06:56 AM
Please respond to Linux on 390 Port

To: [EMAIL PROTECTED]
cc:
Subject: Re: Authentication on Linux using PAM to a z/OS RACF server

Jim, we have successfully accessed LDAP / DB2 (OS/390) from Linux for S/390
using PAM LDAP for authentication. If you use RACF, as far as I
understand, you can only have 1 profile for root. This is not good because
if you break the one password you have access to all the roots of a penguin
farm running under VM. Using LDAP/DB2 (OS/390) gives you the security of
OS/390 for your depository and takes away the restriction. Carlos :-)
Carlos A. Ordonez
IBM Corporation
Server Consolidation

Jim Elliott <[EMAIL PROTECTED]et.ibm.com>
Sent by: Linux on 390 Port <[EMAIL PROTECTED]>
03/18/2002 12:27 PM
Please respond to Linux on 390 Port

To: [EMAIL PROTECTED]
cc:
From:
Subject: Authentication on Linux using PAM to a z/OS RACF server

In theory, you should be able to use PAM to provide Linux authentication
and resource control through to the LDAP server that is part of the z/OS
Security Server (nee RACF). Has anyone done this or does anyone have an
idea as to where to start?
Regards, Jim Elliott