On Wednesday, 08/14/2013 at 03:37 EDT, David Boyes <[email protected]> wrote:
> If this is truly what you want to see happen, then IBM needs to spend a
> significant amount of time and thought on how the HMC can integrate into
> enterprise-wide authentication, event auditing, and policy distribution schemes
> like Kerberos/LDAP or AD and common log management/accounting management
> schemes like syslog, RADIUS, etc. The userid management code on the HMC is
> almost impossible to automate, and the HMC is the last place you want random
> userids lying around with more-than-normal powers and management schemes that
> don't integrate easily with common audit streams.
>
> This is going to be increasingly important in geographically distributed
> configurations where the remote systems are likely to be totally
> lights-out/no-staff, and potentially in different countries.

The HMC can certainly authenticate with LDAP or AD. There is some capability to dynamically provision HMC IDs via LDAP using user templates and/or patterns. I'm getting details from Product Engineering, as the published information is, shall we say, sparse. (Read: Pretty much non-existent.)

The HMC also has complete audit facilities, including the ability to manually and/or automatically upload the logs to another system.

If customers have requirements for HMC functionality, they need to make those requirements known.

Alan Altmark
Senior Managing z/VM and Linux Consultant
IBM System Lab Services and Training
ibm.com/systems/services/labservices
office: 607.429.3323
mobile: 607.321.7556
[email protected]
IBM Endicott
