On Monday, 06/04/2007 at 03:57 AST, Pat Carroll <[EMAIL PROTECTED]> wrote: > Greetings all, > Is it possible to use z/OS-based RACF to authenticate a z/VM user > (non-Linux)? > The idea is to avoid maintaining a second (z/VM-based) RACF instance... > Both LPARs (z/OS and z/VM) are on the same CEC...
No, you cannot avoid the z/VM instance of RACF since something has to process the security requests on the VM system. (The same is true with z/OS - each LPAR has to be running RACF.) What you *can* do is share a RACF database between z/VM and z/OS, performing the non-VM-specific RACF admin from z/OS. There are some restrictions: - You cannot share a database between MVS and VM if the MVS system is in a sysplex (due to non-use of RESERVE/RELEASE) - You cannot use RRSF to synchronize data between RACF on z/OS and z/VM. - RACF/VM server (as opposed to database) administration must be performed from the VM system You can invent a rather complicated configuration wherein you create a small z/OS image running as a z/VM guest. It shares it own RACF database with RACF/VM and is configured to receive RRSF communications from the sysplex. Alan Altmark z/VM Development IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390