IBM is constantly enhancing functions or adding new functions to RACF. Read on:
- Password Security Enhancements
  A number of significant enhancements to password and password phrase security are available with new function APAR OA43999 on z/OS V1.12 and higher! These new functions include:
  - A stronger encryption algorithm for passwords and password phrases
  - Support for 14 additional special characters in passwords
  - The ability for a user to have a password phrase without a password
  - A new password syntax control that requires a password to contain at least one character from each of four different categories: upper case letters, lower case letters, numeric digits, and symbolic characters
  - The ability to expire a user's password without changing its value
  - An ALTUSER command function to "clean up" after lowering the SETROPTS PASSWORD(HISTORY(nn)) value.

  Details on this new function can be found at ftp://public.dhe.ibm.com/eserver/zseries/zos/racf/pdf/oa43999.pdf.
- New and Updated RACF Health Checks
  With new function APARs OA44696 and OA45608, RACF is:
  - Updating the RACF_SENSITIVE_RESOURCES check to examine the access protections on your ICSF data sets
  - Introducing the RACF_PASSWORD_CONTROLS check to examine your setting for password history, mixed case passwords, and the maximum number of days that a password or password phrase is valid
  - Introducing the RACF_ENCRYPTION_ALGORITHM check to examine the return codes from your ICHDEX01 exit to ensure that at least DES-only encryption is being used for passwords and password phrases on your system.

  Information on RACF_PASSWORD_CONTROLS and RACF_ENCRYPTION_ALGORITHM can be found at ftp://public.dhe.ibm.com/eserver/zseries/zos/racf/pdf/oa45608.pdf.
- z/OS Version 2 Release 1
  z/OS V2.1 is available! This release includes these new RACF functions:
  - IPv6 and transport layer security (TLS) 1.2 cipher suite support for the RACF Remote Sharing Facility (RRSF).
  - TCP/IP support for the RACF Remote Sharing Facility (RRSF)
  - Support for hardware-generated Elliptic Curve Cryptography (ECC) secure keys
  - RACF support is planned for generating Elliptic Curve Cryptography (ECC) secure keys using the Crypto Express3 Cryptographic Coprocessors (CEX3C) available for zEnterprise servers.

This page was last updated November, 2014.