

KERBPASS Keyword—Foreign Password

Valid on z/OS.

Use the KERBPASS keyword to specify the password that a foreign system must supply when the network authentication service connection is initiated.

Each system (A and B) must define itself as a local realm with a KERBPASS (X and Y):

System A                 System B

LOCAL REALM A            LOCAL REALM B
KERBPASS: X              KERBPASS: Y

FOREIGN REALM B          FOREIGN REALM A
KERBPASS: Y              KERBPASS: X

In addition, to establish a connection, each system must define the corresponding foreign realm with a password that matches that realm's local definition. Defining matched passwords helps ensure authentication at the REALM level.

This keyword has the following format:

TSS ADDTO(SDT) REALM(KERBDFLT|foreign_realm)
             REALMNAME(realmname)
             ENCRYPT('[DES|NODES]
                     [DES3|NODES3]
                     [DESD|NODESD]
                     [AES128|NOAES128]
                     [AES256|NOAES256]')
             KERBPASS(password)
             CHKADDRS

Note: The CHKADDRS keyword is used only with the KERBDFLT realm record, not with foreign realms.

This keyword is used with:

Example: KERBPASS keyword

This example creates the local realm associated with the URL HYPOTHETICAL.CA.COM, enabling all encryption types and a password of "THET1CAL".

TSS ADD(SDT) REALM(KERBDFLT)
             REALMNAME(HYPOTHETICAL.CA.COM)
             ENCRYPT('DES DESD')
             KERBPASS(THET1CAL)
             CHKADDRS

At a communicating node with the URL HONEYPOT.CLIENT1.COM, the realm at HYPOTHETICAL.CA.COM could be described as a foreign REALM with the identical KERBPASS:

TSS ADD(SDT) REALM(HYPOTHET)
             REALMNAME('/.../HONEYPOT.CLIENT1.COM/krbtgt/HYPOTHETICAL.CA.COM')
             ENCRYPT('DES DESD')
             KERBPASS(THET1CAL)
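
The matched-password rule described above can be audited offline. The following Python check is an added example, not CA Top Secret code or part of the original page: it parses two systems' realm definitions and reports any foreign realm whose KERBPASS differs from the peer's local definition. The sample definitions are constructed, and the code assumes, as in the page's example, that the last component of a foreign REALMNAME names the foreign realm.

```python
import re

# Constructed sample definitions in the page's command layout; REALM(HONEYPOT)
# and the CL1ENTPW / WRONGPW1 passwords are made up for this demonstration.
SYSTEM_A = """
TSS ADD(SDT) REALM(KERBDFLT) REALMNAME(HYPOTHETICAL.CA.COM)
             ENCRYPT('DES DESD') KERBPASS(THET1CAL) CHKADDRS
TSS ADD(SDT) REALM(HONEYPOT)
             REALMNAME('/.../HYPOTHETICAL.CA.COM/krbtgt/HONEYPOT.CLIENT1.COM')
             ENCRYPT('DES DESD') KERBPASS(WRONGPW1)
"""
SYSTEM_B = """
TSS ADD(SDT) REALM(KERBDFLT) REALMNAME(HONEYPOT.CLIENT1.COM)
             ENCRYPT('DES DESD') KERBPASS(CL1ENTPW)
TSS ADD(SDT) REALM(HYPOTHET)
             REALMNAME('/.../HONEYPOT.CLIENT1.COM/krbtgt/HYPOTHETICAL.CA.COM')
             ENCRYPT('DES DESD') KERBPASS(THET1CAL)
"""

def parse_realms(text):
    """Split one system's TSS commands into its local realm and foreign realms."""
    realms = {"local": None, "foreign": {}}
    for cmd in re.split(r"(?m)^\s*TSS\s+", text):
        kw = dict(re.findall(r"(\w+)\('?([^')]*)'?\)", cmd))
        if "REALM" not in kw or "KERBPASS" not in kw:
            continue
        # Assumption (from the page's example): the last path component of
        # REALMNAME is the name of the realm being described.
        name = kw["REALMNAME"].rsplit("/", 1)[-1]
        if kw["REALM"] == "KERBDFLT":
            realms["local"] = (name, kw["KERBPASS"])
        else:
            realms["foreign"][name] = kw["KERBPASS"]
    return realms

def check_pair(a, b):
    """Report foreign-realm KERBPASS values that differ from the peer's local one."""
    findings = []
    for here, peer in ((a, b), (b, a)):
        peer_name, peer_pass = peer["local"]
        defined = here["foreign"].get(peer_name)
        if defined is None:
            findings.append(f"{here['local'][0]}: no foreign realm for {peer_name}")
        elif defined != peer_pass:  # findings never echo the passwords
            findings.append(f"{here['local'][0]}: KERBPASS mismatch for {peer_name}")
    return findings

if __name__ == "__main__":
    for finding in check_pair(parse_realms(SYSTEM_A), parse_realms(SYSTEM_B)):
        print(finding)
```

With the constructed input, only system A's definition of the foreign realm is reported, because its KERBPASS does not match the local definition on system B.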