On Wed, 8 Feb 2017 12:08:47 -0600, Walt Farrell wrote: > >In theory, similar supported located at the "edge" between z/OS and network >apps would also allow mapping from a 32-character Linux ID to an 8-character >z/OS ID, without user action. > Or even 7, for maximum TSO compatibility?
>It's not a perfect solution for what gil wants to see, but it would solve a >lot of compatibility issues without requiring all the applications to change. >Only the security products. > This seems to meet most requirements: TSO, UNIX, and LDAP. Why, then, is there any need for OA51203 or USERIDALIASTABLE? And EIM appears to be done with RACF which is the correct component for identity management. http://www-01.ibm.com/support/docview.wss?uid=swg1OA51203 >z/OS also provides functions, today, that applications can use for something >similar: z/OS Enerprise Identity Mapping. For more about that you can see its >Guide and Reference: > > http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/eima1170/CCONTENTS?SHELF=all13be9&DN=SA22-7875-09&DT=20100617152016 >or > http://preview.tinyurl.com/znostgd Thanks. On Mon, 6 Feb 2017 20:37:41 -0500, Tom Conley wrote: > >> Dismayingly ironically, the need has been addressed by UNIX System Services: >> � z/OS 2.2.0 >> � z/OS UNIX System Services >> � z/OS UNIX System Services Planning >> � Customizing z/OS UNIX >> � Customizing the BPXPRMxx member of SYS1.PARMLIB >> � Defining system features >> � USERIDALIASTABLE > ... >I must say one thing. This entire post by Gil is untrue. His >conjecture about we should have done 32 characters would have made this >project wait at least another, and possibly two releases of z/OS. The >line about deficient communication is unadulterated bull@#$%. A large >number of people at both IBM and OEM vendors have been working for years >to deliver 8-character TSO support. The work these people have done is >worthy of praise, not damnation. A non-disclosure prevents me from >saying more at this time, but for the folks on the list, you need to >know that Gil is completely wrong on this issue. > And I'll continue to disagree. Not so much with Tom as with IBM's chaotic design practices. Given two very similar requirements (and perhaps a third), expanding the user name spaces in TSO and UNIX System services, why: o provide two separate solutions, OA51203 and USERIDALIASTABLE for UNIX when a single one should suffice? o And why implement USERIDALIASTABLE, at the expense of decreased performance, outside RACF, the proper platform for identity management? It appears that EIM should have been the single solution. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN