Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Excluding a certificate by using the NOTRUST option z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
You can use certificate name filtering to prevent a digital certificate from being associated with a user ID by defining a name filter with the NOTRUST option, as long as it is the most specific filter that matches the certificate you want to exclude. Certificate name filters defined with the NOTRUST option are not used to associate a user ID to a certificate. The NOTRUST option can be used to exclude one or more certificates. The RACDCERT MAP command in Figure 1 defines a fully
distinguished subject's and issuer's name filter labeled 'NOT
FRANS' with the NOTRUST option to prevent a certificate from
being mapped to the NYADMIN user ID.
Figure 1. Sample RACDCERT
MAP command using the NOTRUST option
|
Copyright IBM Corporation 1990, 2014
|