Some functions require additional setup for the RACF® subsystem user ID.
- If you are using the Network Authentication Server (IBM® Kerberos), the subsystem user ID must have
a z/OS® UNIX UID, and its default group must have a z/OS UNIX GID.
After the security administrator adds the OMVS segments, restart the RACF subsystem.
- If you are using the RACF remote
sharing facility (RRSF) with the TCP/IP protocol, the subsystem user
ID must have a z/OS UNIX UID, and its default group
must have a z/OS UNIX GID. After the security administrator adds
the OMVS segments, make the local node operative again. (You do not
have to restart the RACF subsystem.)
- If your installation plans to enable enveloping for passwords
and password phrases, the subsystem user ID must have a z/OS UNIX UID,
and its default group must have a z/OS UNIX GID. In addition, the security
administrator must give the user ID READ access to the IRR.DIGITCERT.LISTRING
resource in the FACILITY class. For more information, see z/OS Security Server RACF Security Administrator's Guide. After
the security administrator adds the OMVS segments and activates the
enveloping function (that is, defines the PASSWORD.ENVELOPE or PASSPHRASE.ENVELOPE
resource and activates the RACFEVNT class), restart the RACF subsystem.
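
The setup the list above describes, as an added REXX example that is not part of the IBM documentation: it adds the OMVS segments that all three cases require, grants the FACILITY access that only the enveloping case requires, and lists the results for verification. The user ID `RACFSUB`, the group `RACFGRP`, and the UID and GID values are constructed placeholders. The example assumes the `IRR.DIGITCERT.LISTRING` profile is already defined and that the FACILITY class is RACLISTed.

```rexx
/* REXX - added example, not IBM-supplied code.                      */
/* All names and numbers below are constructed placeholders.         */
subsys_id  = 'RACFSUB'    /* hypothetical RACF subsystem user ID     */
subsys_grp = 'RACFGRP'    /* hypothetical default group of that ID   */
uid        = 990001       /* sample z/OS UNIX UID                    */
gid        = 990001       /* sample z/OS UNIX GID                    */
enveloping = 1            /* 1 = password/phrase enveloping planned  */
facility_raclisted = 1    /* assumption: FACILITY is RACLISTed       */

/* OMVS segments: required for Kerberos, RRSF over TCP/IP, and       */
/* enveloping alike.                                                 */
call run "ALTUSER" subsys_id "OMVS(UID("uid"))"
call run "ALTGROUP" subsys_grp "OMVS(GID("gid"))"

/* Enveloping only: READ access to the key ring listing resource.    */
if enveloping then do
  call run "PERMIT IRR.DIGITCERT.LISTRING CLASS(FACILITY)",
           "ID("subsys_id") ACCESS(READ)"
  if facility_raclisted then
    call run "SETROPTS RACLIST(FACILITY) REFRESH"
end

/* Verification: show the segments and the access list.              */
call run "LISTUSER" subsys_id "OMVS NORACF"
call run "LISTGRP" subsys_grp "OMVS NORACF"
if enveloping then
  call run "RLIST FACILITY IRR.DIGITCERT.LISTRING AUTHUSER"

say 'Done. Restart the RACF subsystem (Kerberos, enveloping) or make'
say 'the local node operative again (RRSF over TCP/IP).'
exit 0

/* Issue one TSO command, echo it, and stop on a nonzero return code */
run: procedure
  parse arg cmd
  say '>' cmd
  Address TSO cmd
  if rc <> 0 then do
    say 'RC='rc 'from:' cmd
    exit rc
  end
  return
```

Run it under a user ID with authority to alter the subsystem user ID, its default group, and the FACILITY profile.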