Keywords › KEYSMSTR Keyword—Define Password Key Name

KEYSMSTR Keyword—Define Password Key Name

Valid on z/OS and z/VM.

Use the KEYSMSTR keyword:

• In conjunction with DCENCRY to provide a key name to encrypt and decrypt passwords.
• (On z/OS) To have the SMB server use encrypted password processing, add the entry DCE.PASSWORD.KEY to the SDT KEYSMSTR record.

To use the EIM/PROXY feature, add the KEYSMSTR entry LDAP.BINDPW.KEY before entering a PRXBINDPW.

This keyword has the following format:

TSS ADD(SDT) KEYSMSTR(LDAP.BINDPW.KEY
             DCENCRY(CCCCCCCCCCCCCCCC)
             [KEYMASK|KEYENCRY]

DCENCRY

A hexadecimal encryption key value.

Size: 16 characters

KEYMASK

(Default) Indicates that the DCENCRY key is used to mask the user's DCE password when it is stored in the DCEKEY field of the user's acid record.

KEYENCRY

Indicates that the DCENCRY key is used to encrypt the user's DCE password when it is stored in the user's acid record.

This keyword is used with:

• The commands ADDTO, DELETE, REMOVE, REPLACE, and LIST
• The SDT records exclusively
• MSCA authority

Examples: KEYSMSTR keyword

This example defines the string C1C2C3C4C5C6C7C8 as the encryption key value for the LDAP PROXY BINDPW key:

TSS ADD(SDT) KEYSMSTR(LDAP.BINDPW.KEY)
             DCENCRY(C1C2C3C4C5C6C7C8)

This example lists the KEYSMSTR record:

TSS LIST(SDT) KEYSMSTR(LDAP.BINDPW.KEY)

This example deletes the KEYSMSTR from the SDT:

TSS DELETE(SDT) KEYSMSTR(LDAP.BINDPW.KEY)