Putting the Latest z/OS Security Features to Work
An IBM Redbooks publication
Note: This is publication is now archived. For reference only.
Published on 11 June 2002
ISBN-10: 0738424501
ISBN-13: 9780738424507
IBM Form #: SG24-6540-00
Authors: Chris Rayns, Angie Boone, Karin Broecker, John C Jones, Philippe Richard and Alain Striffling
Many significant enhancements have been made to the security features available on the z/OS and OS/390 platforms. This IBM Redbooks publication will help you install, customize, and configure the new functions provided with Version 1.2 of SecureWay Security Server for z/OS and OS/390 2.10. It is useful for system programmers, security administrators, and webmasters enabling e-business on these platforms.
LDAP enhancements on z/OS 1.2 that are discussed include extended operations client APIs, Kerberos authentication, the LDAP Configuration Utility (LDAPCNF), new SDBM features, TDBM native authentication. Techniques to increase server front-end performance and scalability are also described.
Security enhancements on OS/390 2.10 are achieved by new and improved RACF features, and by a new component of the Security Server for OS/390, called Network Authentication and Privacy Services (NAPS). NAPS is the IBM OS/390 implementation of Kerberos Version 5.
LDAP can provide directory services to a wide range of other applications. This book provides detailed information on integrating LDAP with other products to implement secure distributed computing environments and extend host data access across intranets and the Internet via simple to use and yet highly protected communications. It also gives step-by-step instructions for integrating LDAP with WebSphere Application Server, including sample code for migrating from RDBM to TDBM.
The steps necessary to configure and start an LDAP server with TDBM and SDBM are presented, along with instructions for implementing password encryption for the TDBM backend on a z/OS LDAP server. LDAP can be configured to provide RACF digital certificate support; this is discussed in detail. Finally, some basic security techniques for Linux on zSeries and S/390 are presented.
1. z/OS 1.2 LDAP directory enhancements
2. RACF enhancements
3. Network Authentication and Privacy Services
4. Policy Director usage of the LDAP server on z/OS
5. IBM Host On-Demand Version 6
6. z/OS 1.2 LDAP/WebSphere Application Server
7. LDAP server on z/OS
8. LDAP with RACF digital certificates
9. Overview of security on Linux