Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Authorizing daemon and user identities Integrated Security Services Open Cryptographic Enhanced Plug-ins Application Programming SC14-7568-00 |
|||||||
IBM recommends that you assign unique z/OS and z/OS UNIX user identifiers (UIDs) to the daemons and applications that are authorized to use OCEP and OCSF services. This approach will maintain individual accountability for applications that are accessing cryptographic services on z/OS. For example, assume that the following daemon application needs to use OCEP and OCSF services on z/OS. This daemon runs under the z/OS shell and the application is started by the daemon's profile.
To create a RACF user profile with an OMVS segment, you would issue
the following RACF ADDUSER command:
For more information about how to define a RACF user ID, see the z/OS Security Server RACF Command Language Reference and the z/OS Security Server RACF Security Administrator's Guide. In addition, IBM recommends that the OCEP installation and verification scripts (see Installing the OCEP code and Verifying OCEP installation are run from a superuser; that is, a user ID that has been defined with a UID of 0. For more information about how to define entities for daemons and applications on z/OS, see z/OS UNIX System Services Planning. |
Copyright IBM Corporation 1990, 2014
|