To enable the SMB server to use the encrypted password processing with z/OS add the entry DCE.PASSWORD.KEY to the SDT KEYSMSTR record.
This command has the following format:
TSS ADD(SDT) KEYSMSTR(DCE.PASSWORD.KEY)
DCENCRY(kkkkkkkk)
KEYMASK | KEYNCRY
This attribute has only one value, which is DCE.PASSWORD.KEY, entered in uppercase characters.
Specifies the 16‑character hexadecimal encryption key
Specifies that the DCENCRY key is used to mask the user’s DCE password when it is stored in the DCEKEY field of the user’s ACID record.
Default: KEYMASK
Specifies that the DCENCRY key is used to encrypt the user’s DCE password when it is stored in the user’s ACID record
Note: Only the MSCA can specify the KEYSMSTR keyword.
Examples: SMB passwords
This example defines the string c1c2c3c4c5c6c7cc8 as the encryption key value for SMB password support:
TSS ADD(SDT) KEYSMSTR(DCE.PASSWORD.KEY)
DCENCRY(C1C2C3C4C5C6C7C8)
This example deletes the KEYSMSTR record for the SDT:
TSS DEL(SDT) KEYSMSTR(DCE.PASSWORD.KEY)
This example replaces the encryption key and use the DES encryption to mask:
TSS REP(SDT) KEYSMSTR(DCE.PASSWORD.KEY)
DCENCRY(0123456701234567)
This example lists the current encryption value:
TSS LIST(SDT) KEYSMSTR(DCE.PASSWORD.KEY)
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|