Can ACF2 for z/VM and ACF2 for z/OS be configured to synchronize password phrases between z/VM and z/OS?

book

Article ID: 130059

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction



Can ACF2 for z/VM and ACF2 for z/OS be configured to synchronize password phrases between z/VM and z/OS?

Environment

Release:
Component: ACF2VM

Resolution

Password phrase on ACF2 z/VM and ACF2 z/OS can be used with ACF2 z/VM Database Synchronization Component(DSC) and ACF2 z/OS Command Propagation Facility allowing for synchronization of password or password phrases between VM and z/OS systems.

The DSC allows synchronization of CA ACF2 for VM database changes between VM and z/OS systems using CAICCI (and VTAM) as the communications method.

DSC provides the necessary features that keep your CA ACF2 for VM Security for z/OS and CA ACF2 for VM for VM databases synchronized. That is, all updates, inserts, changes, and deletes you make to any CA ACF2 for VM record, from z/OS(CPF) or VM(DSC), are shipped (propagated) to the target
systems.

With ACF2 for z/VM the password phrases are stored in the ACF2 VM PWPHRASE Profile Record similar to the ACF2 for z/OS PWPHRASE Profile Data Records. PASSWORDs for both z/OS and z/VM are stored in the logonid record.

The "SHOW STATE"  command can be issued on both z/OS and z/VM to validate that sites are configured with the same PWPHRASE (Password Phrase) Profile Data Records settings in both environments.

Note that the use of password phrase and database synchronization will
not work if you are using AES2(AES 256 Encryption) on z/OS.