Thank you! One more question, would TKE be totally confused if I used the same linux, moving it CEC to CEC (in an LPAR) to load keys on say 8 boxes? Or would each CEC need to have its own Linux?
Marcy From: Reinhard Buendgen <buend...@de.ibm.com> Sent: Thursday, September 24, 2020 6:03 AM To: Cortes, Marcy D. [PRINCIPAL ENGINEER] <marcy.d.cor...@wellsfargo.com> Cc: LINUX-390@VM.MARIST.EDU Subject: Re: Encryption again - Question on TKE use to CCA Hi Marcy, when using CCA (i.e. the TKE is configured to communicate with panel.exe) no authentication will be perfromed. You need neither enter an ID nor a password just click OK. This is not considered insecure because all the catcher does is to forward signed requests to the crypto adapter. For EP11 (i.e. if the TKE is configured to communicate with the ep11TKEd) it must a Linux user and password configured for the ep11TKEd as described here https://www.ibm.com/support/knowledgecenter/linuxonibm/com.ibm.linux.z.lxce/lxce_installing_hostpart.html (The default setting is to allow any user that has a password configured and is member of the ep11tke group to gain access through the ep11TKEd daemon.) Mit freundlichen Grüßen/Best Regards/Cordialement Reinhard ________________________________ Dr. Reinhard Bündgen Product Owner Security Linux on Z Linux on Z Development Mail:buend...@de.ibm.com<mailto:buend...@de.ibm.com> Phone: ++49-(0)7031-16-1130 Fax: ++49-(0)7031-16-3456 IBM Deutschland Research & Development GmbH Vorsitzender des Aufsichtsrats: Matthias Hartmann Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294 ________________________________ ----- Original message ----- From: Marcy Cortes <marcy.d.cor...@wellsfargo.com<mailto:marcy.d.cor...@wellsfargo.com>> Sent by: Linux on 390 Port <LINUX-390@VM.MARIST.EDU<mailto:LINUX-390@VM.MARIST.EDU>> To: LINUX-390@VM.MARIST.EDU<mailto:LINUX-390@VM.MARIST.EDU> Cc: Subject: [EXTERNAL] Encryption again - Question on TKE use to CCA Date: Thu, Sep 24, 2020 12:11 AM In this doc http://public.dhe.ibm.com/software/dw/linux390/docu/l91xct00.pdf page 13, what are these credentials? Where are they defined? Marcy This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu<mailto:lists...@vm.marist.edu> with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
