Skip to main content

z/OS Version 1 Release 8 RACF Implementation

An IBM Redbooks publication

Note: This is publication is now archived. For reference only.


Published on 13 February 2007

  1. .PDF (1.7 MB)

Share this page:   

ISBN-10: 0738489859
ISBN-13: 9780738489858
IBM Form #: SG24-7248-00

Authors: Paul Rogers, Rogerio E. M. Camargo, Gillian Gainsford and Rita Pleus

    menu icon


    This IBM Redbooks publication describes the implementation of RACF® in z/OS® Version 1 Release 8. This release continues to deliver industry leadership for security. Improvements have been introduced to further enhance the security-rich environment z/OS users rely on. These enhancements include:

    - RACF support for virtual key rings to treat the collection of all the certificates owned by one user ID, including the SITE and CERTAUTH reserved user IDs, as an independent key ring. The use of the CERTAUTH virtual key ring will help to eliminate the need to manually create multiple real key rings for SSL-enabled z/OS client applications such as FTP.

    - RACF template extensions allow templates to expand beyond their current 4K size.

    - RACF supports the use of passwords longer than eight characters, now called password phrases.

    - The RACF access control module exit, DSNXRXAC, has changed substantially with DB2® version 9. A RACF administrators can now define a security rule before an object is created and preserve the rule for a dropped object. In addition, RACF general resources for member and group profiles can be used by an installation to protect multiple DB2 resources with a single RACF profile.

    - A new parameter on the IRRUT200 utility tells the utility to activate the backup data set printed to as output. This is accomplished by the utility internally issuing an RVARY ACTIVE for the backup data set after the copy is complete. IRRUT200 and IRRUT400 utilities now check whether their output data sets are active primary or backup RACF data sets on this system.

    New RACF health checks are introduced.

    - RACF in z/OS V1R8 provides a solution to some functional gaps in the way that change logging of RACF profile updates were reflected in z/OS LDAP, and an enhancement is made to LISTUSER to demonstrate whether password enveloping is enabled for a user.

    In addition to describing the new features, this book includes detailed steps for implementing these enhancements. It explains how to configure them for your installation and how to use them to increase the security of your environment.

    Table of Contents

    Chapter 1. RACF Version 1 Release 8

    Chapter 2. Password phrase

    Chapter 3. Availability improvements for IRRUT200 and IRRUT400

    Chapter 4. RACF and the DB2 access control module

    Chapter 5. RACF virtual key ring support

    Chapter 6. PKI Services

    Chapter 7. RACF health checks

    Chapter 8. LDAP change logging

    Chapter 9. Template and profile extensions


    Others who read this also read