Can IBM LDAP update the CA Top Secret Security File for z/VSE

book

Article ID: 16620

calendar_today

Updated On:

Products

CA Top Secret - VSE

Issue/Introduction

Can IBM LDAP be used to update the CA Top Secret for z/VSE Security File?



Can IBM LDAP be used to update the CA Top Secret for z/VSE Security File?

Environment

Release:
Component: TSSVSE

Resolution

IBM LDAP currently doesnt have the ability to update the CA Top Secret for z/VSE security file.

CA Technologies has its own version of  LDAP called  CA LDAP, but only runs on the z/OS platform. There arent any versions that run on z/VM/ z/VSE or z/Linux.

CA LDAP allows you to issue security checks, authenticate, extract information from the security file and make TSS administrative changes to CA Top Secret for z/OS.

CA PAM allows you to validate signons on z/Linux. It requires CA LDAP. When a signon occurs in z/Linux, CA PAM will make a call to CA LDAP and authenticate the userid and password. This means the userid and password must exist on CA Top Secret for z/OS.

If the validation is successful or unsuccessful, we let CA PAM know and it allows or fails the signon on z/Linux.

Currently there is no equivalent of CA PAM that runs on z/VM and z/VSE.