z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Before you begin

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

Before you begin, contact your programmer for the following information:
  • The name of each RRSF node to be enabled to use TCP/IP node connections. For a multisystem node (an RRSF node comprised of systems that share a RACF® database), you will need the name of only one member system.
  • The SAF name assigned to the RRSF listener port for each node. This is the port on which an RRSF node establishes a TCP/IP socket to listen for RRSF requests from target nodes. The SAF name is assigned in the TCP/IP profile using the PORT definition statement. For details about the PORT statement, see z/OS Communications Server: IP Configuration Reference.

    Guideline: For increased security, ensure that the listener port for each node is assigned a SAF name in the TCP/IP profile.

  • The following details about the Application Transparent Transport Layer Security (AT-TLS) policy defined for your RRSF network in z/OS® Communication Server. You need to know the following:
    • The name of the RACF key ring

      The key ring name shown in the examples of the steps in Implementing an RRSF trust policy is IRR.RRSF.KEYRING. (This matches the default name in the sample AT-TLS policy provided in the IRRSRRSF member of SYS1.SAMPLIB.)

    • The client authentication level

      The acceptable level is either Required or SAFCheck. The Required level is sufficient for the approaches described in this topic. The higher SAFCheck option is briefly described in Considerations when using an external CA.

Parent topic: Task roadmap for establishing RACF security for RRSF TCP/IP connections

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014