Certificate name filtering
z/OS Security Server RACF Security Administrator's Guide SA23-2289-00

As more and more users access your system from the Web, you face
an increasing administrative burden to securely manage their digital
certificates. Certificate name filtering is a method for administering
large numbers of user certificates, without storing each certificate
in the RACF® database. Certificates
managed using certificate name filtering:

Certificate name filters are used to determine the operational user ID when RACF is called to create a security context for a client login using a certificate, such as during SSL client authentication. Certificate name filters cannot be used in protocols where the client certificate or the client private key is required. Therefore, certificate name filters are ideally suited for use with SSL client authentication which requires that only the client's root certificate, not the client certificate, be stored in the RACF database.

Note: Certificate name filters are unrelated to distributed identity filters. (See Distributed identity filters). An installation might choose to implement either certificate name filters or distributed identity filters, both types of filters, or neither.

Copyright IBM Corporation 1990, 2014