Use this procedure to set up the z/TPF user security database
on the z/TPF system with
the z/TPF symmetric
keystore defined.
Procedure
- Define the z/TPF symmetric
keystore on the z/TPF system.
- Ensure that the /etc directory is
mounted as part of the z/TPF collection support file system (TFS). If the /etc directory
is not mounted, create a new file system mount point in the z/TPF collection support file system for the /etc/tpfUserSecurity directory.
- Enter the following command to generate the symmetric key
to be used to encrypt the z/TPF user security database:
ZKEYS GENERATE ENC-IUSERSEC DEC-IUSERD1 CIPHER-AES256CBC NEW
When you enter the command, the following
rules apply:
- You must specify the encryption key name as IUSERSEC.
- The decryption key name can be any name and can be changed when
the key that encrypts the z/TPF user security database
changes.
- The only supported ciphers for the IUSERSEC key name are AES128CBC
and AES256CBC.
- Enter the following command to backup the z/TPF symmetric
keystore:
ZKEYS BACKUP PATH-/tmp/keystoreBackup
- Enter the following command to activate the IUSERSEC key
in the z/TPF symmetric
keystore:
ZKEYS ACT ENC-IUSERSEC DEC-IUSERD1
- Define user IDs and roles by using the MongoDB shell commands
or the ZRUSR and ZROLE commands.