Valid on z/OS and z/VM.
Use the DCENCRY keyword in conjunction with KEYSMSTR to provide a key name to encrypt and decrypt passwords.
On z/OS to have the SMB server use encrypted password processing, add the entry DCE.PASSWORD.KEY to the SDT KEYSMSTR record.
To use the EIM/PROXY feature, add the KEYSMSTR entry LDAP.BINDPW.KEY before entering a PRXBINDPW.
This keyword has the following format:
TSS ADDTO(SDT) KEYSMSTR(XXX.XXXXXX.XXX)
DCENCRY(CCCCCCCCCCCCCCCC)
[KEYMASK|KEYENCRY]
Hexadecimal encryption key value.
Length: 16 characters
(Default) Indicates that the DCENCRY key is used to mask the user's DCE password when it is stored in the DCEKEY field of the user's acid record.
Indicates that the DCENCRY key is used to encrypt the user's DCE password when it is stored in the user's acid record.
This keyword is used with:
This example defines the string C1C2C3C4C5C6C7C8 as the encryption key value for the LDAP PROXY BINDPW key:
TSS ADD(SDT) KEYSMSTR(LDAP.BINDPW.KEY)
DCENCRY(C1C2C3C4C5C6C7C8)
This example lists the KEYSMSTR record:
TSS LIST(SDT) KEYSMSTR(LDAP.BINDPW.KEY)
This example deletes the KEYSMSTR from the SDT:
TSS DELETE(SDT) KEYSMSTR(LDAP.BINDPW.KEY)
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|