z/OS Security Server RACF Security Administrator's Guide


Format of the APPLDATA value

SA23-2289-00

The format of the APPLDATA value in the IRR.PROGRAM.SIGNING profiles is as follows:

[hash-algorithm ][owning-userid]/key-ring-name

The variables of the APPLDATA value are defined as follows:
hash-algorithm
Specifies the message digest algorithm to be used for program signing. The default value is SHA256. No other values are supported.
owning-userid
Specifies the user ID that owns the program-signing key ring. If you omit this value, RACF® uses the key ring of the authorized program signer.
/key-ring-name
Specifies the fully qualified name of the program-signing key ring. This value must be preceded by the forward slash (/).
Examples:
RDEFINE FACILITY IRR.PROGRAM.SIGNING.BUILD.RAMOS
  APPLDATA('BUILDID/BUILD.CODE.SIGNING.KEYRING')
RDEFINE FACILITY IRR.PROGRAM.SIGNING.RAMOS
  APPLDATA('SHA256 RAMOS/RAMOS.CODE.SIGNING.KEYRING')
RDEFINE FACILITY IRR.PROGRAM.SIGNING.PROD
  APPLDATA('/PROD.CODE.SIGNING.KEYRING')
RDEFINE FACILITY IRR.PROGRAM.SIGNING
  APPLDATA('RACFADM/CODE.SIGNING.KEYRING')
Rules:
  • The only space character allowed in the APPLDATA value is the single space following the hash-algorithm value. If hash-algorithm is omitted, no space is allowed in the APPLDATA value.
  • No extraneous characters are allowed in the APPLDATA value.

RACF does not check the format of the APPLDATA value when you define an IRR.PROGRAM.SIGNING profile. RACF checks the format when a user signs a program and RACF finds a matching IRR.PROGRAM.SIGNING profile.
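
Because a malformed value is only detected at signing time, it can help to check APPLDATA strings before issuing RDEFINE. The following is an added example, not IBM code: a Python validator for the format and rules above. The names parse_appldata and lint are hypothetical, and the user ID character set is an assumption that this page does not state.

```python
import re
from typing import NamedTuple, Optional

# Assumption (not from this page): a RACF user ID is 1-8 characters drawn
# from A-Z, 0-9, #, $ and @. Key ring name length is not checked here.
USERID_RE = re.compile(r"[A-Z0-9#$@]{1,8}")
SUPPORTED_HASHES = {"SHA256"}  # the page lists no other supported value

class SigningAppldata(NamedTuple):
    hash_algorithm: str            # SHA256 when omitted
    owning_userid: Optional[str]   # None: key ring of the program signer
    key_ring_name: str

def parse_appldata(value: str) -> SigningAppldata:
    """Parse '[hash-algorithm ][owning-userid]/key-ring-name' or raise ValueError."""
    hash_alg, rest = "SHA256", value
    head, sep, tail = value.partition(" ")
    if sep and "/" not in head:    # leading token is the hash algorithm
        if head not in SUPPORTED_HASHES:
            raise ValueError(f"unsupported hash algorithm: {head!r}")
        hash_alg, rest = head, tail
    if any(ch.isspace() for ch in rest):
        raise ValueError("only a single space after the hash algorithm is allowed")
    userid, slash, ring = rest.partition("/")
    if not slash:
        raise ValueError("key ring name must be preceded by '/'")
    if userid and not USERID_RE.fullmatch(userid):
        raise ValueError(f"invalid owning user ID: {userid!r}")
    if not ring:
        raise ValueError("key ring name is missing")
    return SigningAppldata(hash_alg, userid or None, ring)

def lint(values):
    """Map each APPLDATA string to None (valid) or the reason it is rejected."""
    results = {}
    for value in values:
        try:
            parse_appldata(value)
            results[value] = None
        except ValueError as exc:
            results[value] = str(exc)
    return results

if __name__ == "__main__":
    # First value is from the page; the other two are constructed bad inputs.
    for value, error in lint(["/PROD.CODE.SIGNING.KEYRING",
                              "SHA1 RAMOS/RAMOS.CODE.SIGNING.KEYRING",
                              "RAMOS/RAMOS CODE SIGNING"]).items():
        print(f"{value!r}: {error or 'ok'}")
```
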





Copyright IBM Corporation 1990, 2014