How to ascertain if certificate name filtering in ACF2 is in use?

search cancel

How to ascertain if certificate name filtering in ACF2 is in use?

book

Article ID: 184066

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC LDAP SERVER FOR Z/OS PAM CLIENT FOR LINUX ON MAINFRAME WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

What commands in ACF2 will show if certificate name filtering is active.

These commands were issued..
SET CONTROL(GSO)
SHOW CERTMAP

and the outcome was..

-- CERTMAP FILTERING TABLES --
CONTROL

What does "CONTROL" mean in the above?
Is certificate name filtering in use?

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

This means there are no certmap records defined and you are in control mode after issuing SET CONTROL(GSO).

If SET LID had been issued the output would have shown

SET LID
SHOW CERTMAP
-- CERTMAP FILTERING TABLES --
LID

There is no need to be in control(GSO) mode to issue any SHOW commands

In the above example certificate name filtering is not active.

If certificate name filtering IS active the following example might be seen.

-- CERTMAP FILTERING TABLES -- 

IDN/SDN FILTERS
---------------                     
                                          IDN FILTER    

                                                SDN FILTER 
Label                            TRUST   USER   CRITERIA
================================ ===== ======== ============================== 
label name                        Y     xxxxxx  CN=cn name.OU=ou
                                                name.O=oname
                                                .L=location.ST=state.C=xx
                                               

Additional Information

This request is related to stigV-3225.
TECHDOC location:

Feedback

thumb_up Yes

thumb_down No