IDMS

We are using EXTERNAL security in IDMS and I would like to activate a stronger password encryption algorithm 'KDFAES' under RACF.This makes it much more difficult to crack passwords stored in the RACF Database. IBM Documentation Planning Considerations for Enabling KDFAES warns of potential impact on "applications" that perform password verifications. IBM Info APAR II14765 refers to a number of IBM products for which maintenance is required (eg IMS, CICS, etc ..). I assume that IDMS may also be potentially involved.

Is there is any impact on our IDMS software? Perhaps you have already gained experience with other customers using the RACF option SETROPTS PASSWORD (ALGORITHM (KDFAES))?

Hi Jan,

   Probably this should be a support case, but IDMS when handling External security for RESTYPE=SGON does not know what the external security manager is so we cannot know what encryption it may use.  We do use RACROUTE because TSS and ACF2 support it, but always send the password as entered by the user at the terminal. 

  What RACF does with the password to validate it is not something IDMS knows.

  We don't see how this can affect IDMS using external security, but are curious about what changes you refer to that may need to be made in applications.

 Brian