Valid on z/OS.
Use the ENCRYPT keyword to enable or disable levels of encryption. The levels supported are:
Configuration ENCTYPE
Configuration ENCTYPE double DES.
Configuration ENCTYPE:
Configuration ENCTYPE:
Configuration ENCTYPE:
Corresponding to each level of encryption in the security environment, there must be a corresponding level in the Kerberos configuration file. See the IBM documentation on the Security Server Network Authentication Service to assure that your configuration file corresponds to your security encryption specification.
When used with REALM, this keyword has the following format:
TSS ADD(SDT) REALM(KERBDFLT|foreign_realm)
REALMNAME(realmname)
ENCRYPT('[DES|NODES] [DES3|NODES3] [DESD|NODESD]
[AES128|NOAES128][AES256|NOAES256]')
KERBPASS(password)
When used with Kerberos, this keyword has the following format:
TSS ADD(acid) KERBNAME(kerbname)
ENCRYPT('[DES|NODES] [DES3|NODES3] [DESD|NODESD]
[AES128|NOAES128][AES256|NOAES256]')
Default: DES DES3 DESD AES128 AES256
The keyword is used with:
This example enables the encryption levels DES and DES3 in the local REALM:
TSS ADD(SDT) REALM(KERBDFLT)
REALMNAME(HYPOTHETICAL.CA.COM)
KERBPASS(THET1CAL)
ENCRYPT('NODESD')
This example limits the encryption for a particular user to DES encryption only:
TSS ADD(KRBPEON) KERBNAME(KRBPEON)
ENCRYPT('NODESD NODES3')
This example defines a local realm with an explicit encryption level:
TSS ADD(SDT) REALM(KERBDFLT)
REALMNAME('BOTTOMFEEDER.CARP.COM')
ENCRYPT('DES DES3 NODESD')
KERBPASS(GZORNPLT)
This example defines ACID TESTER with a lesser encryption level:
TSS ADD(TESTER) KERBNAME(TESTER)
ENCRYPT('DES NODES3 NODESD')
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|