
RACF Security Server feature for z/VM Version 5 Release 4 (V5.4)

  

The RACF Security Server Function Level 540 (FL540) for z/VM 5.4 is available! This release provides password and password phrase enveloping and LDAP change logging of user and group profile updates. These enhancements, along with an upgrade of the LDAP server to the z/OS V1.10 level, allow you to retrieve updates, including password changes, from z/VM and securely propagate them across the enterprise.

Prior releases of RACF for z/VM include:

  • RACF Security Server feature Function Level 530 (FL530) for z/VM V5.3. This release of the RACF feature provides:
    • All function and service in the z/OS V1.10 release. This includes the z/VM guest LAN and virtual switch support shipped in 1.10 APARs VM63452 (base support) and VM63750 (sniffer support).
    • Mixed case password support.
      • Passwords can now contain lower case alphabetic characters.
      • Enablement of mixed case support, and updated password syntax rules, managed with the SETROPTS command.
    • Password phrase support.
      • A password phrase is a mixed-case password from 9 to 100 characters in length that can include blanks and other special characters.
      • Can be used to log on to CP using local terminals or telnet and with FTP.
      • Many password-related SETROPTS options apply to password phrases as well.
      • Sample new-password-phrase exit ICHPWX11, which calls a REXX exec in which additional quality rules may be coded.
    • Support for the new z/VM LDAP server. This allows LDAP clients (such as a Linux image) to:
      • update and query information in RACF user and group profiles,
      • authenticate to the LDAP server using a RACF password, and
      • use LDAP services to submit remote authorization and audit requests to the RACF server.
    • Various improvements to user related processing.
      • Support for NOPASSWORD users. Such a user could still have a password phrase, and be forced to authenticate using it. Or, the user could have neither a password, nor a phrase, as an additional control for service virtual machines. RACF has been changed to create NOPASSWORD users by default, rather than setting the initial password to the user's default group.
      • Improved auditing of password changes.
      • Ability to specify NOEXPIRED on the ALTUSER command so that the password assigned does not need to be changed at LOGON. This is helpful to user management and password synchronization applications.
      • Improved ALTUSER command places the user's current password in the password history list before changing the password.
    • The SMF data unload utility can emit XML output so that it can be loaded to any XML-enabled application for analysis.
    • Protection for the CP FOR command, and for DIAGNOSE X'88'.
    • The RACF class descriptor table has increased the number of POSIT values available for use, resulting in the ability to add more customer-defined classes.
    • Simplification of the documentation library by removal of information pertinent to only MVS (z/OS).
  • RACF/VM V1.10 and the RACF for z/VM feature:
    • Provides the capability to register OpenExtensions for VM/ESA users and groups in the RACF database.
    • Offers security for files and directories residing in the OpenExtensions byte file system.
    • Contains Shared file system (SFS) support, enabling RACF file level protection for files and directories residing in the VM/ESA shared file system.
    • Simplifies product installation and service through VMSES/E support.
    • Allows advanced analysis of audited events using SMF Data Unload.

      RACF for VM V1.10 (5740-XXH) is no longer supported for the Common Criteria Certification feature, formerly known as z/VM V5.1. The RACF for VM feature is planned to be supported on z/VM V5.2 until April 30, 2009.

Starting with z/VM 5.3, RACF releases are specific to the release of the operating system, much like the Security Server for z/OS. That is, the RACF Security Server feature FL530 is supported only on z/VM 5.3, and is not planned to be supported on any other z/VM release.

 

Program Directory 

Do you need a copy of the program directory for RACF for z/VM 5.4? No problem! Check out http://www.vm.ibm.com/progdir/ for a complete set of program directories for z/VM 5.4 and prior z/VM releases.

 


This page was last updated April 2009.