Then you have to go the LDAP way. For z/VM and z/OS everything remains stored in RACF, as I wrote earlier, LDAP is just a way to access these RACF data. The LDAP on z/VM and z/OS doesn't need a real full blown database, the RACF data isn't even replicated into LDAP. Consider LDAP on VM as a blackbox and name it RACFGATE for example.
2008/12/9 Rothman, Peter <[EMAIL PROTECTED]> > Well actually we are looking into LDAP. However management prefer that > the LDAP live on Linux. > > Our programmers use work station based tools and have to reference data > that lives on z/VM z/OS and Linux – hence the need to try and keep passwords > in sync. > > The programmers 'main port of call' is z/VM – so when they have to change > the password here we would like to sync up the z/OS and Linux platforms as > well. > > > > *From:* The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] *On > Behalf Of *Kris Buelens > *Sent:* Tuesday, December 09, 2008 8:09 AM > *To:* IBMVM@LISTSERV.UARK.EDU > *Subject:* Re: New RACF passwords > > > > What's wrong with the use of LDAP? It is included free of charge in z/VM. > Part of LDAP on z/VM and z/OS can be seen as a means to make the RACF > database content available to LDAP clients. Example: > ldapsrch -h 127.0.0.1 -D racfid=U80027,profiletype=user,cn=RACFVM -w > U80027PW > -L -b "racfid=U80027,profiletype=user,cn=RACFVM" "objectclass=*" > yields > dn: racfid=U80027,profiletype=USER,cn=RACFVM > racfid: U80027 > racfauthorizationdate: 09/26/08 > racfowner: RACFID=SYS1,PROFILETYPE=GROUP,CN=RACFVM > racfpasswordinterval: 30 > racfpasswordchangedate: 10/01/08 > racfprogrammername: KRIS BUELENS > racfdefaultgroup: RACFID=SYS1,PROFILETYPE=GROUP,CN=RACFVM > racflastaccess: 10/01/08/13:49:36 > racflogondays: SUNDAY > racflogondays: MONDAY > ..... > > 2008/12/9 Rothman, Peter <[EMAIL PROTECTED]> > > Thanks for the replies. > > At this stage we are not looking into using LDAP. > As far as RACF not providing an exit for this - there may not be an exit > specifically for this but we did have a product (a couple of years ago) > called SYNCOM that did this. If I recall correctly they used a > combination of ICHPWX01 and ICHRIX02. > > Any idea if ICHRIX02 can be used? > > > -- > Kris Buelens, > IBM Belgium, VM customer support > > If you are not the intended recipient of this e-mail message, please notify > the sender > and delete all copies immediately. The sender believes this message and any > attachments > were sent free of any virus, worm, Trojan horse, and other forms of malicious > code. > This message and its attachments could have been infected during > transmission. The > recipient opens any attachments at the recipient's own risk, and in so doing, > the > recipient accepts full responsibility for such actions and agrees to take > protective > and remedial action relating to any malicious code. Travelport is not liable > for any > loss or damage arising from this message or its attachments. > > > > -- Kris Buelens, IBM Belgium, VM customer support
