On Thu, 18 Jan 2024 18:34:43 -0500 Joseph Reichman
wrote:
:>I am looking to cause an abend in IBM Service that is invoked by a PC call
:>(bad parameters) so as to test out Estate Type Recovery for CBT file 192
:>If anyone has an example would appreciate it
One would think placing x''
Radoslaw,
The "cracking exercise" is not so difficult. Those private keys in RACF are not
encrypted. They are stored in field CERTPRVK. I think they are BER encoded.
Details are in the RACF Macros and Interfaces manual. It's easy to display them
using zSecure if you know how.
Good reason to
Hi
I am looking to cause an abend in IBM Service that is invoked by a PC call
(bad parameters) so as to test out Estate Type Recovery for CBT file 192
If anyone has an example would appreciate it
Thanks
--
For IBM-MAIN
Is ICSF xKDS file a VSAM? Yes.
So, why to keep the keys in CKDS/PKDS instead of RACFdb?
1. Because the keys in CKDS/PKDS are *well encrypted* using secret key
(CryptoExpress MK). Assumed you have CEX.
2. Because any key kept in RACF is kept along with the encryption key
for that key.
3. Because
I gotta plead guilty to this. I know the basickest of basics about Unix
security, mostly from reading "The Cuckoo's Egg" multiple times; I've also hit
the manuals occasionally, but I'm woefully ignorant and I know it.
I guess it helps that I know it, but it'll be better still to learn more.
> Files in Unix are pretty unsecure. ...
That's the popular wisdom.
I could argue that the evidence is circumstantial, even coincidental.
(Bad rap because of bad practice by OTHER PEOPLE.)
But I'll back down.
What Itschak said about USS/Unix being unfamiliar to mainframe security
teams is
Thanks, That link didn't work for me as looked for it before this post.
Ms Terri E Shaffer
Senior Systems Engineer,
z/OS Support:
ACIWorldwide - Telecommuter
H(412-766-2697) C(412-519-2592)
terri.shaf...@aciworldwide.com
-Original Message-
From: IBM Mainframe Discussion List On Behalf
My H'penth
Files in Unix are pretty unsecure. I feel that any keystore in Unix is an
exposure.
With ICSF you can define a public/private key pair, and protect them with a
SAF profile such as
RDEFINE CSFKEYS label...
You then give people access to the label, and hence to the key(s).
I think
Rick,
You blond the messenger. STIGs are developed by DISA. We only automate the
process. This is why I am very familiar with the STIG rules.
Btw, unix file system is less understood and maintained by the mainframe
security teams, so the risk is built in uss security (if you do not use
external
On 1/18/24 02:53, ITschak Mugzach wrote:
see below the relevant STIG (V8r11)- TSS0-ES-000100:
IBM z/OS for PKI-based authentication must use ICSF or the ESM to store
keys.
Why?
(And I realize that YOU are not making this up, so don't take any
challenge personally.)
Any keys or
10 matches
Mail list logo
