Command for Defining Specific Encryption Key Protection Profiles

Use the RDEFINE command to define a specific key to IBM Security Server RACF. This command indicates the type of key you want to protect and the encryption key name. Use this command with an associated PERMIT command for each key and each subsystem to allow access to that key.

This command has the following format:

RDEF CA@BES BESn.key_type.key_name
     OWNER(username)
     DATA('comments')

RDEF

Specifies the RDEFINE command.

CA@BES

Specifies the general resource class for CA Tape Encryption. For keys, this is always CA@BES.

n

Indicates the local BES subsystem number (1-8). If you specify BES without a subsystem identifier, the profile becomes a global profile and is applied to all BES subsystems.

key_type

Indicates the type of key to define. Options for this parameter are as follows:

KEYCODE

Specifies a code book. If you specify this option, the value for the key_name must be defined in the <B2BCodeBooks> section of parmlib.

KEYCERT

Specifies a digital certificate key pair. If you specify this option, the value for the key_name must be a digital certificate defined to the security system on a key ring specified in the <B2BKeyrings> section of parmlib.

KEYSYMM

Specifies a symmetric key. If you specify this option, the value for the key_name must be defined in the <SymmetricKeys> section of parmlib.

key_name

Specifies the name of the key. Replace any spaces in the key name with periods.

OWNER(username)

Specifies the user name of the principal owner of the profile, typically the security administrator.

DATA('comments')

Specifies user-written comments to describe the profile.

Example: Define a symmetric key

This example defines a symmetric key named AES256_KEY to BES1 for IBM Security Server RACF. It indicates that you want to control this key on this subsystem.

RDEF CA@BES BES1.KEYSYMM.AES256_KEY
     OWNER(SECADMIN)
     DATA('CA Tape Encryption KEY PROTECTION PROFILE')
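The following Python helper is an added example for this topic, not code from CA Tape Encryption or from RACF. It builds the RDEF command text from the rules above (BESn with n in 1-8 or a global BES prefix, the three key types, spaces in the key name replaced by periods) and rejects values that would produce a profile name the product does not document. The assumed `profile_name` and `rdefine_command` function names are this example's own; the doubling of apostrophes inside DATA() follows standard TSO quoting rather than anything stated on this page.

```python
"""Build and validate CA@BES RDEFINE commands from the rules in this topic.

Example code added to this topic; it is not part of CA Tape Encryption.
Assumed names: profile_name(), rdefine_command(), KEY_TYPES, CLASS_NAME.
"""
import re
from typing import Optional

# Key types documented for the key_type qualifier.
KEY_TYPES = ("KEYCODE", "KEYCERT", "KEYSYMM")
# General resource class used for keys; always CA@BES per the topic.
CLASS_NAME = "CA@BES"


def profile_name(key_type: str, key_name: str,
                 subsystem: Optional[int] = None) -> str:
    """Return the BESn.key_type.key_name resource name.

    subsystem=None yields the global BES prefix that applies to all
    BES subsystems; 1-8 yields a profile for that local subsystem.
    """
    key_type = key_type.upper()
    if key_type not in KEY_TYPES:
        raise ValueError(f"key_type must be one of {KEY_TYPES}, got {key_type!r}")
    if subsystem is not None and not 1 <= subsystem <= 8:
        raise ValueError("subsystem must be 1-8, or None for a global profile")
    name = key_name.strip()
    if not name:
        raise ValueError("key_name must not be empty")
    # The topic says to replace any spaces in the key name with periods.
    name = re.sub(r" +", ".", name)
    prefix = "BES" if subsystem is None else f"BES{subsystem}"
    return f"{prefix}.{key_type}.{name}"


def rdefine_command(key_type: str, key_name: str, owner: str, comment: str,
                    subsystem: Optional[int] = None) -> str:
    """Render the RDEF command on three lines, laid out as in the topic."""
    # RACF user IDs are 1-8 characters from A-Z, 0-9, @, # and $.
    if not re.fullmatch(r"[A-Z0-9@#$]{1,8}", owner.upper()):
        raise ValueError("owner must be a RACF user ID of 1-8 characters")
    # TSO quoting: an apostrophe inside a quoted string is written twice.
    quoted = comment.replace("'", "''")
    return (
        f"RDEF {CLASS_NAME} {profile_name(key_type, key_name, subsystem)}\n"
        f"     OWNER({owner.upper()})\n"
        f"     DATA('{quoted}')"
    )


if __name__ == "__main__":
    # Reproduces the symmetric-key example from the topic.
    print(rdefine_command("KEYSYMM", "AES256_KEY", "SECADMIN",
                          "CA Tape Encryption KEY PROTECTION PROFILE", 1))
    # A certificate key whose name contains spaces, defined globally.
    print(rdefine_command("KEYCERT", "Tape Signing Cert", "SECADMIN",
                          "global certificate profile"))
```

Running the script prints the same RDEF text as the example above, followed by a global KEYCERT profile named BES.KEYCERT.Tape.Signing.Cert. Generating the command from validated inputs rather than typing it by hand keeps the profile name aligned with the key_name that appears in parmlib, which is what the PERMIT command for that key will later have to match.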