ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Can IBM LDAP update the CA Top Secret Security File for z/VSE

book

Article ID: 16620

calendar_today

Updated On:

Products

Top Secret - VSE

Issue/Introduction

Can IBM LDAP be used to update the CA Top Secret for z/VSE Security File?



Can IBM LDAP be used to update the CA Top Secret for z/VSE Security File?

Environment

Release:
Component: TSSVSE

Resolution

IBM LDAP currently doesnt have the ability to update the CA Top Secret for z/VSE security file.

CA Technologies has its own version of  LDAP called  CA LDAP, but only runs on the z/OS platform. There arent any versions that run on z/VM/ z/VSE or z/Linux.

CA LDAP allows you to issue security checks, authenticate, extract information from the security file and make TSS administrative changes to CA Top Secret for z/OS.

CA PAM allows you to validate signons on z/Linux. It requires CA LDAP. When a signon occurs in z/Linux, CA PAM will make a call to CA LDAP and authenticate the userid and password. This means the userid and password must exist on CA Top Secret for z/OS.

If the validation is successful or unsuccessful, we let CA PAM know and it allows or fails the signon on z/Linux.

Currently there is no equivalent of CA PAM that runs on z/VM and z/VSE.