We are using CA ESM with TSS for many years and love it. We are years ahead of the Unix guys down the hall, who key in each user one server at a time. I do little to no work on setting up users, as our mainframe security department now does all that work for us (where it belongs). However, we also tend to be cutting edge with our software versions and support level, so I do not know if I can correctly answer your question.
What you need to do is open a question with CA support (CA_ACF2 support) to verify that the started task for the PAM server (CA DSI Server) is compatible and supported with zOS 1.5 and the level of eTrust CA-ACF2 you are using. The more important question is the version of ACF2 than the version of zOS (other than issues with support and the versions of ACF2 with the operating system). We are currently at version 15 for the CA DSI Server (with eTrust Top Secret), but you may find that you will need to back level to version 12. zVM 5.4 is not a factor at all, communications is only between the Linux Guest and the mainframe started task (CA DSI Server). The External Security Manager (ESM) has been around for a long time. I have found CA support once you get past level one for the CA ESM product to be very good, Wayne Bruce did a great job with this and it is a free add-on. But there is little to no information on the web (www.ca.com) on the product. James Chaplin Systems Programmer, MVS, zVM & zLinux Base Technologies, Inc -----Original Message----- From: Linux on 390 Port [mailto:[email protected]] On Behalf Of Andre Massena Sent: Wednesday, June 01, 2011 7:03 AM To: [email protected] Subject: zLinux CA PAM and ACF2 All, having seen several posts relating to CA PAM and ACF2 in the distant past on this forum, I thought I would pose my humble questions here.. A customer of mine is "still" running z/OS 1.5 using ACF2 as the ESM. He has installed several IFL's with bleeding edge z/VM 5.4.. and wants to authenticate his z/OS users using an LDAP method from zLinux (SLES11). Will CA PAM talk with such an old release of z/OS and presumably an equally old release of ACF2?? What are you considered opinions?? Regards, Andre ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
