Chapter 21. Express Logon Feature (ELF) 669
certificates, refer to OS/390 Security Server for OS/390 RACF Security
Administrator’s Guide, SC28-1915 and OS/390 Security Server (RACF)
Command Language Reference, SC28-1919.
For more information on how to configure the DCAS server for express logon,
refer to the Setting up and Using the IBM Express Logon Feature white paper at
http://www.ibm.com/software/network/library/whitepapers/elf.html.
21.5.4 Set up DCAS to use the RACF services
The DCAS server runs as a system daemon and must be started under a
controlled user ID that has superuser authority. To define the user ID to use
OMVS services, use the following command:
ADDUSER dcasid DFLTGRP(OMVSGRP) OMVS(UID(0) HOME('/'))
Starting the DCAS from an MVS procedure requires that the user ID from which
it is started have access to the MVS.SERVMGR.DCAS resource in the
OPERCMDS class.
If DCAS is started as an MVS procedure, a STARTED profile associated with
DCAS is needed.
At a minimum, you must register all workstation client certificates with RACF.
This associates the certificates, which are passed by the TN3270 server to the
DCAS, with the IDs of users attempting to log on. To associate certificates with
user IDs, use the RACDCERT command.
Since the RACDCERT command supports only MVS data sets, a certificate has to
be stored into an MVS data set to be imported into RACF. After creating a
self-signed client certificate or receiving a certificate from a public CA, export it in
the DER binary format, then send it to the OS/390 system using the FTP binary
transfer function.
Create a RACF PTKTDATA profile for each application ID the HOD client is
attempting to access using the Express Logon Feature.
The sample commands we used are shown below:
Define started profile and OPERCMDS
ADDUSER DCAS DFLTGRP(OMVSGRP) OMVS(UID(0) HOME(‘/’))
RDEFINE STARTED DCAS.* STDATA(USER(DCAS))
SETROPTS RACLIST(STARTED) REFRESH
RDEFINE OPERCMDS (MVS.SERVMGR.DCAS) UACC(NONE)
PERMIT MVS.SERVMGR.DCAS CLAS(OPERCMDS) ACCESS(CONTROL) ID(DCAS)
SETROPTS RACLIST(OPERCMDS) REFRESH
Get A Comprehensive Guide to IBM WebSphere Host Publisher Version 3.5 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
