Signon Validation Encrypted In CA Top Secret?

Article ID: 53033

Updated On:

Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC Easytrieve Report Generator for Common Services INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Question:

SSL is used to connect to the Mainframe. When a user connects from Mainframe TN3270 or FTP and enters their ID and password, how and where is this information validated? Is the information that is stored in the CA Top Secret security file encrypted?

Answer:

The userid and password are validated by CA Top Secret. For example, a user connects to the mainframe using an SSL connection with FTP/SSL. Digital certificates are exchanged and verified. If verification succeeds, the connection is established.

Then the userid/password is entered from TELNET/FTP to sign on. This signon is processed and validated by CA Top Secret. Data such as the userid and password on the security file is encrypted. When running jobs or reports, a reference to a password is replaced by question marks, such as when the utility that lists security file changes is run. The password is also encrypted when CPF'd to other systems.

The security file is protected by default. To make changes to the security file, the person must be defined as a CA Top Secret security administrator. The data on the CA Top Secret security file is encrypted.

CA Top Secret has many security record types on the security file which are encrypted. For someone to get a password from the security file, that person would have to know how to:

  1. Decrypt the security file, which requires your encryption key and knowledge of how to decrypt the encryption method we use.
  2. Then find the appropriate security file record.
  3. And then find the field in the record that contains the variable length password.

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component: