On Monday, 08/22/2005 at 11:40 AST, David Boyes <[EMAIL PROTECTED]>
wrote:
> > is there any option to eTrust (i.e. LDAP Server under zOS to interface to
> > ACF2) that fit the LDAP model better than eTrust?
> > or easier to implement than eTrust?
>
> Not that I know of, although the Linux IUCV driver we posted last week
> opens up a lot of interesting opportunities, such as connecting to the VM
> *RPI CP service, allowing you to implement a Linux guest as a CP external
> security manager. Once that's done (and the smart way to do it would be to
> write a *RPI to PAM bridge widget), then any authentication/authorization
> method available to Linux would be available for CP and Linux equally. This
> would be particularly helpful if the RACROUTE macro also used that interface
> -- I don't know for certain if it does, but Alan Altmark can probably
> confirm one way or another. If it does, then most of the IBM stuff would
> also work properly against an arbitrary AAA source. I'm still thinking a bit
> more about how this should be done, so don't take this as gospel.

You would not write a "*RPI to PAM bridge widget".  *RPI is how the ESM
provides services to the control program, not guests.

RACROUTE is a CMS/GCS/MVS/VSE API "shell" whose job it is to hand the
request to a vendor-provided service.  That service does whatever the
vendor wants it to do: issue a diagnose, use IUCV, or VMCF, all in an attempt
to request services of the ESM.  The guests do not connect to *RPI.

The underlying communications mechanism to request services from the ESM
is not architected.  And rather than architect Yet Another Proprietary
Interface, the better solution is for the ESM to provide LDAP-based
authentication services.  Then any guest or remote host can access the
service.

But, yes, you could write a new PAM that uses a non-standard interface to
request ESM services.

Alan Altmark
z/VM Development
IBM Endicott

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390