There is a CA LDAP Server r15 for z/OS bookshelf. In there you wil find
select a book title to view the documentation: CA DSI Installation Guide View HTML Download PDF CA DSI Messages Guide View HTML Download PDF CA DSI Product Guide View HTML Download PDF CA DSI Release Notes View HTML Download PDF CA LDAP Installation Guide View HTML Download PDF CA LDAP Messages Guide View HTML Download PDF CA LDAP Product Guide View HTML Download PDF CA LDAP Release Notes View HTML Download PDF CA PAM Client Product Guide View HTML Download PDF Richard (Gaz) Gasiorowski Solution Architect CSC 3170 Fairview Park Dr., Falls Church, VA 22042 845-889-8533|Work|845-392-7889 Cell|[email protected]|www.csc.com This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. From: Rob van der Heij <[email protected]> To: [email protected] Date: 06/01/2011 07:18 AM Subject: Re: zLinux CA PAM and ACF2 On Wed, Jun 1, 2011 at 1:03 PM, Andre Massena <[email protected]> wrote: > All, > > having seen several posts relating to CA PAM and ACF2 in the distant past on > this forum, I thought I would pose my humble questions here.. > > > A customer of mine is "still" running z/OS 1.5 using ACF2 as the ESM. He has > installed several IFL's with bleeding edge z/VM 5.4.. and wants to > authenticate his z/OS users using an LDAP method from zLinux (SLES11). > > Will CA PAM talk with such an old release of z/OS and presumably an equally > old release of ACF2?? According to the Wikipedia article, z/OS 1.5 was introduced around 2004. Looking in the ACF2 book (from 2003), it says: eTrust CA-ACF2 6.5 includes enhancements to support an interface for LINUX users. This includes a new PAM (Plug-in Authentication Module) to be used as an interface to eTrust CA-ACF2 for user authentication. Enhancements include a new LINUX User Profile record to map a LINUX name to the eTrust CA-ACF2 LID and Global LINUX Node records identifying nodes to eTrust CA-ACF2. This interface becomes part of the Security Integrator and will run as a daemon on z/OS and OS/390. My pedestrian view would be that timing could be such that your customer's ACF2 came with the PAM module. But you would have to see whether that lets itself fit on a more recent kernel like in SLES11. It's not impossible CA did some proprietary protocol rather than inplement full LDAP. Rob ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
