IBM GC28-1920-01 Server User Manual


 
OS/390 OpenEdition DCE single signon support uses to sign in an authenticated
OS/390 user to DCE.
The RACF support for OS/390 OpenEdition DCE includes:
The DCE segment, which contains DCE information associated with a RACF
user
The KEYSMSTR class, which holds a key to encrypt the DCE password
The DCEUUIDS class, which is used to define the mapping between a user's
RACF user ID and the corresponding DCE principal UUID
Callable services that:
Check a user's authority to a RACF resource
Set or retrieve fields from a user profile DCE segment
Set or retrieve a DCE password
Determine the identity of a DCE client
Enhancements to RACF commands to allow users to create, update and
display information in the DCE user profile segment:
ADDUSER
ALTUSER
LISTUSER
Enhancements to RACF utilities:
SMF data unload utility
Database unload utility
Remove ID utility
Enhancements to the ACEE to identify a DCE client
Enhancements to RACF ISPF panels for the DCE user profile segment
OS/390 OpenEdition DCE provides two utilities to administer DCE information in
the RACF database and to create cross-linking information between the RACF user
database and the DCE principal registry:
MVSIMPT
MVSEXPT
For more information on these utilities, see
OpenEdition DCE Administration Guide
.
RACF interoperation with DCE requires the following software:
OpenEdition/MVS Release 3 (HOM1130) plus APAR OW15865
C Run Time Library (JMWL550) plus APAR PN75309
To enhance the security of DCE passwords stored in the RACF database, you
might want to use an encryption product. You are encouraged to consider installing
the IBM Integrated Cryptographic Service Facility (ICSF) Version 1 Release 2 on
your MVS operating system. This product provides DES encryption-level
protection.
For an overview of DCE technology and terminology, see
DCE: Understanding the
Concepts
.
Chapter 2. Release Overview 7