Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Example z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
The RACDCERT MAP command shown in Figure 1 creates
a subject's and issuer's name filter based on the partial subject's
distinguished name and the full issuer's name.
Figure 1. Sample RACDCERT MAP
command for creating a subject's and issuer's name filter
This filter contains the portion of the subject's distinguished name that identifies the user as an employee of the Administration department in the New York office of the US division of the World Sales Corporation, and the full issuer's distinguished name that identifies the issuer as VeriSign Class 1. Based on this filter, RACF® will associate the user ID NYADMIN to any user presenting a certificate issued by VeriSign Class 1 containing this significant portion of the subject's distinguished name, who does not have an individual certificate registered with RACF. Therefore, if the users Timo and Hiro, whose certificate information
is shown in Table 1, present
certificates while all defined name filters are in effect, the following
will result:
|
Copyright IBM Corporation 1990, 2014
|