Configuration Best Practices › Securing Linux on z/OS

Securing Linux on z/OS

If your installation is using mainframe Linux, we recommend that you use CA PAM Client for Linux for System z (CA PAM) to secure mainframe Linux signon processing. The Pluggable Authentication Module (PAM) integrates with external security managers such as CA Top Secret and CA ACF2 to extend your existing security implementation to Linux for System z.

Business Value:

This best practice offers the following benefits:

• It simplifies mainframe Linux administration by eliminating the need to define user credentials on the Linux platform itself.
• It helps enforce your existing security policy, enabling you to greater leverage your investment in CA Top Secret and in administrative processes and controls.
• It extends mainframe CA Top Secret reporting capabilities to include mainframe Linux signon activity.

Additional Considerations:

By eliminating native Linux user directories and using CA PAM, you can secure mainframe Linux signon processes through user credentials that CA Top Secret maintains.