z/OS Security Server RACF System Programmer's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Additional setup for the RACF subsystem user ID

z/OS Security Server RACF System Programmer's Guide
SA23-2287-00

Some functions require additional setup for the RACF® subsystem user ID.
  • If you are using the Network Authentication Server (IBM® Kerberos), the subsystem user ID must have a z/OS® UNIX UID, and its default group must have a z/OS UNIX GID. After the security administrator adds the OMVS segments, restart the RACF subsystem.
  • If you are using the RACF remote sharing facility (RRSF) with the TCP/IP protocol, the subsystem user ID must have a z/OS UNIX UID, and its default group must have a z/OS UNIX GID. After the security administrator adds the OMVS segments, make the local node operative again. (You do not have to restart the RACF subsystem.)
  • If your installation plans to enable enveloping for passwords and password phrases, the subsystem user ID must have a z/OS UNIX UID, and its default group must have a z/OS UNIX GID. In addition, the security administrator must give the user ID READ access to the IRR.DIGITCERT.LISTRING resource in the FACILITY class. For more information, see z/OS Security Server RACF Security Administrator's Guide. After the security administrator adds the OMVS segments and activates the enveloping function (that is, defines the PASSWORD.ENVELOPE or PASSPHRASE.ENVELOPE resource and activates the RACFEVNT class), restart the RACF subsystem.
Parent topic: Assigning a user ID to the RACF subsystem

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014