Keywords › DCENCRY Keyword—Encryption Key Value

DCENCRY Keyword—Encryption Key Value

Valid on z/OS and z/VM.

Use the DCENCRY keyword in conjunction with KEYSMSTR to provide a key name to encrypt and decrypt passwords.

On z/OS to have the SMB server use encrypted password processing, add the entry DCE.PASSWORD.KEY to the SDT KEYSMSTR record.

To use the EIM/PROXY feature, add the KEYSMSTR entry LDAP.BINDPW.KEY before entering a PRXBINDPW.

This keyword has the following format:

TSS ADDTO(SDT) KEYSMSTR(XXX.XXXXXX.XXX)
               DCENCRY(CCCCCCCCCCCCCCCC)
               [KEYMASK|KEYENCRY]

CCCCCCCCCCCCCCCC

Hexadecimal encryption key value.

Length: 16 characters

KEYMASK

(Default) Indicates that the DCENCRY key is used to mask the user's DCE password when it is stored in the DCEKEY field of the user's acid record.

KEYENCRY

Indicates that the DCENCRY key is used to encrypt the user's DCE password when it is stored in the user's acid record.

This keyword is used with:

• The commands ADDTO, DELETE, REMOVE, REPLACE, and LIST
• The SDT records exclusively
• MSCA authority