This IBM Redbooks publication describes the z/OS Security Services provided by z/OS as of z/OS 1.6.

As this is a vast subject and some of these services have already been addressed by other redbooks, usually in the OS/390–z/OS 1.2 time frame, we concentrate on new services or services that have gone under a noticeable evolution since they were described in previous redbooks, and we provide simple examples of utilization.

The first chapter is a summary of all Security Services available in z/OS 1.6 today.

This book addresses the enhancements in RACF Security Services in the domains of the Unix Security Services, the digital certificate handlings, and the more traditional Program Access to Data Sets (PADS) function, which have all been enhanced to better match the eBusiness needs in terms of compliance with standards and improved security. Note that RACF Multilevel Security (MLS) is also introduced in this book, with a practical example of its application to TCP/IP Security.

Chapter 1. Overview of z/OS Security Services

Chapter 2. RACF Security Server enhancements

Chapter 3. Multilevel Security and RACF

Chapter 4. MLS as applied to TCP/IP communications

Chapter 5. z/OS Integrated Security Services LDAP

Chapter 6. RACF Password Enveloping and z/OS LDAP Change Log

Chapter 7. z/OS Enterprise Identity Mapping (EIM) in a nutshell

Chapter 8. z/OS Network Authentication Service (Kerberos)

Chapter 9. z/OS System SSL

Chapter 10. z/OS OpenSSH

Appendix A. EIM API demo sample code

Appendix B. Sample test programs for PADS enhancements and RACF Password Enveloping