Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Controlling password synchronization z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
To enable synchronization of passwords and password phrases, issue the SET PWSYNC command. (For syntax information, see z/OS Security Server RACF Command Language Reference for more information.) For users with RACLINK PEER PWSYNC associations on an RRSF node,
you can use the following resources in the RRSFDATA class to further
control synchronization:
To be authorized for synchronization, a user must be permitted with at least READ access to the appropriate RRSFDATA resource. This allows PWSYNC requests for the user to be processed successfully. Alternatively, you can define a UACC of READ for the PWSYNC resource or the PHRASESYNC resource, or both, to authorize synchronization for all users who have approved PEER associations with PWSYNC enabled. Examples:
Important:
If the RACF® RRSFDATA class
is not active or the PWSYNC resource is not defined, password synchronization
will not occur even for users with established associations. Similarly,
if the RACF RRSFDATA class
is not active or the PHRASESYNC resource is not defined, password
phrase synchronization will not occur even for users with established
associations.To enable synchronization for users with RACLINK PEER PWSYNC associations
and disable automatic password direction, issue:
To
disable synchronization, issue:
You
can also use the RRSFDATA resources to control synchronization at
a system level. For example, you can turn off synchronization without
having to delete all of the existing user ID associations by deleting
the PWSYNC or PHRASESYNC resource, or by changing the UACC to NONE
with no users on the access list.Examples:
|
Copyright IBM Corporation 1990, 2014
|