If you are an ACF2 (or CA-Top Secret) customer, then we have an open-source PAM plug-in that lets you authenticate directly against ACF2 or Top Secret. The client side (the part that runs on Linux) is available in source code or pre-built RPM form (both Intel and mainframe Linux). The server is simply a built-in integrated part of ACF2. With our plug-in installed, you need no user definition on Linux - your existing mainframe security rules and passwords are all that's needed.
Compared to the LDAP approach, our PAM implementation is faster, just as secure (we use OpenSSL on the network connection), and includes a number of additional features that help you control who should be able to connect to a particular Linux image. It's described in the ACF2 6.5 Product Announcement, which you can read here: http://www3.ca.com/Files/ProductAnnouncements/etrust_acf2_pd_rel65.pdf Vince Re Computer Associates -----Original Message----- From: James Melin [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 1:27 PM To: [EMAIL PROTECTED] Subject: Re: LINUX & Security I'd like to add a follow-on question to this.... Has anone gotten Linux to update user ID's/Passwords from an NT central domain ? Is it possible to synchronize those, or failing that has anyone gotten Linux security to refresh from RACF or ACF2 secuirity databases, or even authenticate logon using LDAP into RACF or ACF2 instead of manually trying to synchronize Linux user lists/passwords/groups/ etc |---------+----------------------------> | | Joseph Sumi | | | <[EMAIL PROTECTED]| | | v> | | | Sent by: Linux on| | | 390 Port | | | <[EMAIL PROTECTED]| | | IST.EDU> | | | | | | | | | 12/10/2002 09:42 | | | AM | | | Please respond to| | | Linux on 390 Port| | | | |---------+----------------------------> >----------------------------------------------------------------------- -------------------------------------------------------| | | | To: [EMAIL PROTECTED] | | cc: | | Subject: LINUX & Security | >----------------------------------------------------------------------- -------------------------------------------------------| Hello, we have just started to research SUSE Linux under z/VM, and I've been asked these questions: - Does SUSE Linux issue any SAF (RACF) calls for security in the z/VM environment ? If not, how is security handled ? - Are there any types of "SMF" records cut to record access or violations to resources in a Linux z/VM environment ? - Does anyone have a link to more specific security / Linux information ? Thanks.