Can ACF2 for z/VM and ACF2 for z/OS be configured to synchronize password phrases between z/VM and z/OS?
book
Article ID: 130059
calendar_today
Updated On:
Products
ACF2ACF2 - DB2 OptionACF2 for zVMACF2 - z/OSACF2 - MISC
Issue/Introduction
Can ACF2 for z/VM and ACF2 for z/OS be configured to synchronize password phrases between z/VM and z/OS?
Environment
Release: Component: ACF2VM
Resolution
Password phrase on ACF2 z/VM and ACF2 z/OS can be used with ACF2 z/VM Database Synchronization Component(DSC) and ACF2 z/OS Command Propagation Facility allowing for synchronization of password or password phrases between VM and z/OS systems.
The DSC allows synchronization of CA ACF2 for VM database changes between VM and z/OS systems using CAICCI (and VTAM) as the communications method.
DSC provides the necessary features that keep your CA ACF2 for VM Security for z/OS and CA ACF2 for VM for VM databases synchronized. That is, all updates, inserts, changes, and deletes you make to any CA ACF2 for VM record, from z/OS(CPF) or VM(DSC), are shipped (propagated) to the target systems.
With ACF2 for z/VM the password phrases are stored in the ACF2 VM PWPHRASE Profile Record similar to the ACF2 for z/OS PWPHRASE Profile Data Records. PASSWORDs for both z/OS and z/VM are stored in the logonid record.
The "SHOW STATE" command can be issued on both z/OS and z/VM to validate that sites are configured with the same PWPHRASE (Password Phrase) Profile Data Records settings in both environments.
Note that the use of password phrase and database synchronization will not work if you are using AES2(AES 256 Encryption) on z/OS.