On Wed, Jun 1, 2011 at 1:03 PM, Andre Massena <[email protected]> wrote: > All, > > having seen several posts relating to CA PAM and ACF2 in the distant past on > this forum, I thought I would pose my humble questions here.. > > > A customer of mine is "still" running z/OS 1.5 using ACF2 as the ESM. He has > installed several IFL's with bleeding edge z/VM 5.4.. and wants to > authenticate his z/OS users using an LDAP method from zLinux (SLES11). > > Will CA PAM talk with such an old release of z/OS and presumably an equally > old release of ACF2??
According to the Wikipedia article, z/OS 1.5 was introduced around 2004. Looking in the ACF2 book (from 2003), it says: eTrust CA-ACF2 6.5 includes enhancements to support an interface for LINUX users. This includes a new PAM (Plug-in Authentication Module) to be used as an interface to eTrust CA-ACF2 for user authentication. Enhancements include a new LINUX User Profile record to map a LINUX name to the eTrust CA-ACF2 LID and Global LINUX Node records identifying nodes to eTrust CA-ACF2. This interface becomes part of the Security Integrator and will run as a daemon on z/OS and OS/390. My pedestrian view would be that timing could be such that your customer's ACF2 came with the PAM module. But you would have to see whether that lets itself fit on a more recent kernel like in SLES11. It's not impossible CA did some proprietary protocol rather than inplement full LDAP. Rob ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
