Kerberos requires a password change server ACID with a reserved local principal name. The only required ACID characteristic is that the user has the local principal name kadmin/changepw.
To define a USS capable user, enter:
TSS CREATE(KRBCHG) DEPT(sysdept)
NAME(‘KERBEROS PSWD/CHG’)
PASS(pswd,0)
FAC(STC,BATCH)
TSS ADD(KRBCHG) UID(…)
TSS ADD(KRBCHG) GROUP(OMVSGRP)
DFLTGRP(OMVSGRP)
TSS ADD(KRBCHG) HOME(/u/krbchg)
OMVSPGM(/bin/sh)
TSS PER(KRBCHG) HFSSEC(/u.krbchg)
ACC(READ,UPDATE,EXEC)
TSS PER(KRBCHG) HFSSEC(/BIN.SH)
ACC(READ,EXEC)
TSS ADD(KRBCHNG) KERBNAME(kadmin/changepw)
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|