AAM settings to use Compound In-Band Authentication in ACF2
search cancel

AAM settings to use Compound In-Band Authentication in ACF2

book

Article ID: 250601

calendar_today

Updated On:

Products

Advanced Authentication Mainframe ACF2 ACF2 - MISC ACF2 - z/OS

Issue/Introduction

A site is currently using RADIUS authentication with Broadcom's AAM product. This only allows for user's RADIUS passwords to be supplied at logon time. How can Compound In-Band authentication be implemented to allow for users to also have to enter their ACF2 password or passphrase at logon? Does this also allow for password changes to occur for their ACF2 credentials?

Environment

Release : 2.0

Component : Advanced Authentication Mainframe

Resolution

PTF LU03845 is a feature PTF that is required in order to use Compound In-Band authentication.

With this PTF, the only changes that need to be made on a system with AAM already running is the job to update the Global Factor record is now MAAGFRAD (the MAABURAD job is not used for Compound In-Band). Make sure this job specifies CompoundInBand=Y. There is an ACF2 refresh command required and the MFASTC will need to be stopped and re-started if it is running when the MAAGFRAD job was ran. More detailed steps can be found in the Advanced Authentication Mainframe documentation: Update the Global Factor Record for Using MAAGFRAD.

Lastly,  end users would need to be made aware of the change. Sign On When Using RADIUS with Compound In-Band documents how the signon and password change scenarios would look depending on the settings implemented in MAAGFRAD.