Mainframe Cybersecurity & Compliance

 View Only

Back to discussions
Expand all | Collapse all

Support added to authenticate protected logonids using an identity token

  • 1.  Support added to authenticate protected logonids using an identity token

    Broadcom Employee
    Posted Jun 04, 2024 11:56 AM
    ACF2 supports a new field in the IDTDATA profile record that indicates if an identity token can be used to authenticate a protected user. IDTPROTA|NOIDTPROTA indicates whether protected logonids are allowed to be authenticated using an IDT on a SAF call to create an ACEE for the associated user. Protected logonids have the RESTRICT or STC parameter defined. RESTRICT specifies that a logonid is for production use only and does not require a password for user verification. The STC parameter specifies that a logonid is for use by started tasks only and is denied access to started tasks without this privilege. For more information, see IDTDATA Profile Record Record Type 1130: IDTDATA Profile IDTPARMS Data ACFRPTOM - UNIX System Services (USS) Report ACFRPTPW - Invalid Password/ Authority Log , and message ACF01112 .


    ------------------------------
    Laura Fletcher
    Principal Technical Writer
    Broadcom
    Illinois
    ------------------------------

    #ACF2