An inbound FTPS setup with z/OS as the FTPS server uses certificate-based authentication, with one CERTMAP record that maps thousands of certificates to a single LID in ACF2. That LID is RESTRICT, and the goal is to add further options to fully secure a RESTRICT LID. How can this be accomplished?
Release: 16.0
There is currently no way to use LID-related fields to secure RESTRICT IDs that are used only for init_ACEE logons/CERTMAP processing.
A rule can be written to add an entry for RESTRICT.CHECK.SURROGAT in the CASECAUT resource class, with no entry in the SURROGAT class.
Other options are to remove the JOB bit from the logonid if possible, to add a non-existent SOURCE restriction, or to add LIMITED to the logonid.