Enabling the z/OS User Authentication feature for IBM ADDI Build Client

Edit online

Starting with IBM ADDI V6.1.1 you can use your z/OS® user ID and password or password phrase credentials and based on your access privileges you can pull the source files from the z/OS source systems.

Before you perform any action, you must take into account the following observations:

Make sure that the AT-TLS setup for IBM® ADDI Connect for Mainframe is completed and the TLS connection between IBM ADDI Build Client and IBM ADDI Connect for Mainframe is enabled. For more information, see Enabling TLS Connection to IBM ADDI Build and Enabling TLS Connection between IBM ADDI Build Client and IBM ADDI Connect for Mainframe.
Make sure that you are using the latest version of IBM ADDI Connect for Mainframe. There is no compatibility with an earlier version of IBM ADDI Connect for Mainframe.
The z/OS User Authentication feature is available only for the z/OS mainframe instances that are configured with TLS and enabled in the zOS-Data.ini configuration file. For more information, see Configurations.
The z/OS username and password credentials are added by using the User and password action button only once for each z/OS mainframe connection endpoint.

z/OS Username and Password or Password Phrase Guidelines

Starting with IBM ADDI V6.1.1, both RACF® passwords up to 8 characters and RACF password phrases up to 100 characters are supported. For specific details about password and password phrase requirements, see Passwords and password phrases in the z/OS Security Server RACF Security Administrator's Guide.

Configurations

To enable z/OS User Authentication feature, perform the following configurations:

Go to <IBM ADDI Installation Folder>\IBM Application Discovery Build Client\Bin\Release\Samples and copy the zOS-Data.ini configuration file in the <IBM ADDI Installation Folder>\IBM Application Discovery Build Client\Bin\Release folder.
Open the zOS-Data.ini configuration file by using a text editor and enter the desired values for the parameters that are detailed below. By default, the zOS-Data.ini configuration file has the following format:
```
[MVS1]
use_cred=Y/N

[MVS2]
use_cred=Y/N
```
Where:
- [MVS1] and [MVS2] are the names of the z/OS mainframe instances that are present in IBM Application Discovery Build Configuration > zOS Tab.
  Important: The square brackets need to be preserved and between them, the actual name of the z/OS mainframe instance needs to be added with no spaces nor tabs between the brackets.
- use_cred is an attribute that expects the Y or N values. This attribute decides whether the mentioned z/OS mainframe instance is prompted for the username and password or not.
  Note: The attribute value is not case-sensitive.
Important: In the case that a z/OS mainframe instance is not present in the configuration file, or it is present but the attribute value is set to N, for the related z/OS mainframe instance, the User and password action button will not be present.
Save and close the zOS-Data.ini configuration file.
For a z/OS mainframe instance with the parameter set to Y, the User and password action button is now visible in IBM Application Discovery Build Configuration. To enable this action button, you need to check the box of Enable AT-TLS. When this action button is used, a dialog box is prompted where you can enter z/OS user and password credentials. Then, click OK in the dialog box, and the credentials are saved.

Example of a zOS-Data.ini configuration file

[zOS_A]
use_cred=Y

[zOS_C]
use_cred=y

[zOS_D]
use_cred=N

Where:

zOS_A, zOS_B, zOS_C and zOS_D are the names of the z/OS mainframe instances.
The feature is available only for zOS_A and zOS_C.

Using the z/OS User Authentication feature

Once the z/OS mainframe instance is configured with TLS, declared in the zOS-Data.ini configuration file, and the z/OS username and password credentials are added by using the User and password action button, IBM ADDI Build Configuration and IBM ADDI Build Configuration will perform all GUI and CLI mainframe related features as expected.