

KERBNAME Keyword—Specify Local Principals as Users

Valid on z/OS.

Use the KERBNAME keyword to specify local principals as CA Top Secret users. The KERBNAME principal name, which must be added to an existing user, creates a KERB segment in the user record in the Security File. Each local principal must have a password (do not use the NOPW option).

For each local principal you define (KERB segment in user record), CA Top Secret automatically creates a mapping entry in the KERBLINK SDT record. If you remove the KERB segment, or delete the user, the KERBLINK record is deleted automatically.

Each local principal must have a key registered with the local Kerberos Server to be recognized as a local principal. The key is generated from the principal's CA Top Secret user password at the time of the user's password change. The user's definition is not complete until the key is generated.

TSS ADDTO(acid) KERBNAME('kerberos-principal-name')
                 [ENCRYPT('[DES|NODES]
                           [DES3|NODES3]
                           [DESD|NODESD],
                           [AES128|NOAES128]
                           [AES256|NOAES256]')]
                 [MAXTKTLF(max-ticket-life)]
kerberos‑principal‑name

Specifies the z/OS user ID's local kerberos-principal-name. The value specified must be unique; therefore, a list of users cannot be specified on an ADDUSER command with the KERBNAME keyword.

The kerberos-principal-name defined to CA Top Secret can consist of any character except @ (X'7C'). To avoid problems with different code pages, do not use EBCDIC variant characters. Lowercase characters are honored.

Note: To use the USS kinit -s command, the KERBNAME and the ACID must be identical.
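The rules above (no @, no EBCDIC variant characters, unique names, a password on every local principal, KERBNAME equal to the ACID for kinit -s) can be checked on a batch of provisioning requests before any TSS command is issued. The following is an added example, not CA Top Secret code: the request fields (acid, kerbname, nopw, uss_kinit_s, max_ticket_life) and the set of variant characters are assumptions, and uniqueness is checked only within the batch, not against the Security File.

```python
# Added example: lint KERBNAME requests before issuing TSS ADDTO (not CA Top Secret code).
# ASSUMPTION: the page does not list the EBCDIC variant characters; this is the
# commonly cited set of code-page-dependent characters ('@' is handled separately).
VARIANT_CHARS = set("#$[]^`{}|~!\\")

def lint_kerbname_requests(requests):
    """Return (acid, severity, message) findings for a batch of requests."""
    findings, owner_of = [], {}
    for req in requests:
        acid, name = req["acid"], req["kerbname"]
        if "@" in name:
            findings.append((acid, "error", "principal name contains '@' (X'7C')"))
        variants = sorted(set(name) & VARIANT_CHARS)
        if variants:
            findings.append((acid, "warn", "EBCDIC variant characters: " + "".join(variants)))
        # Lowercase is honored, so names are compared exactly, not case-folded.
        if name in owner_of:
            findings.append((acid, "error", "principal name already requested for " + owner_of[name]))
        else:
            owner_of[name] = acid
        if req.get("nopw"):
            findings.append((acid, "error", "local principal needs a password (NOPW set)"))
        if req.get("uss_kinit_s") and name != acid:
            findings.append((acid, "error", "kinit -s requires KERBNAME identical to the ACID"))
    return findings

def render_command(req):
    """Build the TSS ADDTO command in the syntax shown on this page."""
    cmd = "TSS ADDTO({acid}) KERBNAME('{kerbname}')".format(**req)
    if "max_ticket_life" in req:
        cmd += " MAXTKTLF({})".format(req["max_ticket_life"])
    return cmd

# Constructed sample batch; only CASSIE / CASSIE1PRINCIPAL comes from the page.
SAMPLE = [
    {"acid": "CASSIE", "kerbname": "CASSIE1PRINCIPAL", "max_ticket_life": 86400},
    {"acid": "USER02", "kerbname": "user02@EXAMPLE.COM"},
    {"acid": "USER03", "kerbname": "CASSIE1PRINCIPAL"},
    {"acid": "USER04", "kerbname": "user04", "nopw": True, "uss_kinit_s": True},
    {"acid": "USER05", "kerbname": "svc#batch"},
]

if __name__ == "__main__":
    results = lint_kerbname_requests(SAMPLE)
    for acid, severity, message in results:
        print(f"{acid}: {severity}: {message}")
    flagged = {acid for acid, _, _ in results}
    print("\n".join(render_command(r) for r in SAMPLE if r["acid"] not in flagged))
```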

Use the single quotes, or not, depending on the following:

Examples: KERBNAME keyword

This example adds a KERB segment to user Cassie, with a Kerberos principal name of Cassie1Principal and a maximum ticket life of 24 hours:

TSS ADDTO(CASSIE) KERBNAME('CASSIE1PRINCIPAL')
                  MAXTKTLF(86400)

This example lists the KERB segment of ACID CASSIE:

TSS LIST(CASSIE) SEG(KERB)