Hello Arjen,

> Arjen Neij wrote:
> Does anyone know if it is possible to have LDAP authentication (by RACF
> on z/OS) for Linux under z/VM clients working over SSL communication
> without having installed the z/OS cryptographic services?
> And also how to generate the SSL key which is to be used by the LDAP
> server. It may be produced in house on one of our Linux servers or
> perhaps under z/OS itself)

here is what I know:

In order for your z/OS LDAP server to provide SSL support, you must install (or have already installed) System SSL Support.

As far as I know, OCSF is only necessary if you want to provide MD5 or SHA1 hashing of user passwords in the TDBM backend. (This would mean it is not necessary if you store the passwords inside of RACF. Further, ICSF is (But I assume that in your banking environment hardware cryptographic support is available. Doesn't it make sense to use it? A PCICA feature for RSA is relatively cheap, and starting with z990, z890 there is DES and TDES already built into the CPs.))

If there is hardware cryptographic support installed on your machine, I have no idea what would happen if you try to use System SSL without this support.

How to create a key/certificate for SSL should be described in the z/OS LDAP Administration Guide. If it is acceptable in your environment, you can use self-signed certificates (at least for test), or you can use a certificate signed by a CA. In any case, check for the gskkyman utility.

Kind regards,
Manfred Gnirss

Dr. Manfred Gnirss, TMCC Technical Sales Support,
IBM Deutschland Entwicklung GmbH,
Schoenaicher Str. 220, 71032 Boeblingen, Germany

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
