Managing passwords using Identity Manager on RACFv2 accounts

book

Article ID: 129634

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal

Issue/Introduction

General advise on deploying the RACF Endpoint Connector can be found in the product documentation (Link Below), however there are some password restrictions attributed with z/OS that should be considered when deploying endpoints.

https://docops.ca.com/ca-identity-manager-and-governance-connectors/1-0/EN/connectors/ibm-connectors/ibm-racf/racf-v2-connector/manage-racf-v2-endpoint-groups
 


Are there any password considerations when on-boarding RACF endpoint users?
 

Environment

Release:
Component: IDMGR

Resolution

CA Identity Manager can only work within the constraints of the host system, in this case z/OS.

There are known restrictions on the IBM RACF password length (8 Characters) and this lead to a new password field introduced circa 1.9 called passphrase these are used for passwords that are greater that 8 bytes. These are maintained independently and the IM connector can utilize either field. However not all mainframe applications can support passphrase. Therefore password management within the RACF environment need careful management and consideration within these constraints.