z/OS Security Server RACF Security Administrator's Guide


Excluding a certificate by using the NOTRUST option

SA23-2289-00

You can use certificate name filtering to prevent a digital certificate from being associated with a user ID. To do so, define a name filter with the NOTRUST option and make sure it is the most specific filter that matches the certificate you want to exclude. Certificate name filters defined with the NOTRUST option are not used to associate a user ID with a certificate. The NOTRUST option can be used to exclude one or more certificates.

The RACDCERT MAP command in Figure 1 defines a fully distinguished subject's and issuer's name filter labeled 'NOT FRANS' with the NOTRUST option to prevent a certificate from being mapped to the NYADMIN user ID.
Figure 1. Sample RACDCERT MAP command using the NOTRUST option
RACDCERT ID(NYADMIN) MAP WITHLABEL('NOT FRANS') NOTRUST
   SDNFILTER('CN=Frans De Graaff.OU=Admin.OU=New York.OU=US.O=World Sales Corp')
   IDNFILTER('OU=VeriSign Class 1 Individual Subscriber.O=VeriSign, Inc.L=Internet')
SETROPTS RACLIST(DIGTNMAP) REFRESH
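
A NOTRUST filter typically acts as an exception to a broader filter. The following added example (not from the IBM guide) pairs the Figure 1 command with a constructed subject-only filter, using the assumed label 'NY ADMINS', so that the full subject-and-issuer NOTRUST filter is the more specific match for the excluded certificate. It follows the line layout of Figure 1.

```tso
/* Added example. The 'NY ADMINS' label and filter are constructed.  */

/* Broad filter: subject name only. Certificates whose subject name  */
/* ends with these nodes are associated with NYADMIN.                */
RACDCERT ID(NYADMIN) MAP WITHLABEL('NY ADMINS') TRUST
   SDNFILTER('OU=Admin.OU=New York.OU=US.O=World Sales Corp')

/* Exception, as in Figure 1: full subject and issuer names, so this */
/* filter is more specific than 'NY ADMINS' for this certificate.    */
RACDCERT ID(NYADMIN) MAP WITHLABEL('NOT FRANS') NOTRUST
   SDNFILTER('CN=Frans De Graaff.OU=Admin.OU=New York.OU=US.O=World Sales Corp')
   IDNFILTER('OU=VeriSign Class 1 Individual Subscriber.O=VeriSign, Inc.L=Internet')

/* Refresh the in-storage DIGTNMAP profiles, then list the filters   */
/* defined for NYADMIN to confirm both mappings are present.         */
SETROPTS RACLIST(DIGTNMAP) REFRESH
RACDCERT ID(NYADMIN) LISTMAP
```

Because the NOTRUST filter also names an issuer, it matches only a certificate with that subject issued by that issuer.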

Copyright IBM Corporation 1990, 2014