Multi Factor Authentication for Linux on IBM Z using a centralized z/OS LDAP infrastructure
Document Author: Additional Author(s):
Manfred Gnirss, Adilet Sabyrbaev, Arwed Tschoeke
Advanced Technical Sales
IBM LinuxONE; IBM Security Solutions; IBM System z; LDAP; Linux; LinuxONE; Linux on zSeries; Systems Management; S/390; z Systems; z10; z10 BC; z10 EC; z114; z13; z13s; z14; zEC12; zEnterprise; zEnterprise 196; zEnterprise EC12; zSeries 990; zSeries; z/OS
Abstract: The most common method for authenticating users is the password, which today is often no longer sufficient for mission-critical systems. Multi Factor Authentication (MFA) is therefore growing in importance. It addresses regulatory and industry requirements for strong authentication of privileged users (for example, the current version of the Payment Card Industry Data Security Standard (PCI-DSS) requires MFA for administrators). In this document we show how a Linux on IBM Z server can be configured so that privileged users log on using the IBM TouchToken for iOS application to generate a one-time password, and how the MFA can be performed using the services of a central z/OS system with a RACF/LDAP/MFA infrastructure.