ICTX plug-in
The ICTX plug-in provides centralized remote resource management. This allows resource managers that do not reside on z/OS® to centralize authorization decisions and security event logging by using RACF® through the ICTX plug-in. These services are provided through two LDAP extended operations: Remote authorization and Remote auditing. These extended operations allow any remote application that has access to an LDAP client, the ability to query z/OS for authorization decisions and for logging security events. The Remote authorization extended operation uses the RACROUTE REQUEST=AUTH SAF service while the Remote auditing extended operation uses the r_auditx (IRRSAX00) RACF callable service. See z/OS Security Server RACROUTE Macro Reference for more information about the RACROUTE REQUEST=AUTH service. See z/OS Security Server RACF Callable Services for more information about the r_auditx (IRRSAX00) RACF callable service.
- Support for running the plug-in and LDAP server in 64-bit addressing mode.
- The ability to perform simple binds to the SDBM backend, LDBM or TDBM native authentication binds, SASL EXTERNAL binds where the certificate is mapped to a SAF or RACF user, and Kerberos binds.