Previous Topic: EIMPROF Keyword—EIM Profile NameNext Topic: Examples: ENCRYPT keyword

KeywordsENCRYPT Keyword—Encryption Level

ENCRYPT Keyword—Encryption Level

Valid on z/OS.

Use the ENCRYPT keyword to enable or disable levels of encryption. The levels supported are:

ENCRYPT

Configuration ENCTYPE

DESD

Configuration ENCTYPE double DES.

DES3

Configuration ENCTYPE:

AES128

Configuration ENCTYPE:

AES256

Configuration ENCTYPE:

Corresponding to each level of encryption in the security environment, there must be a corresponding level in the Kerberos configuration file. See the IBM documentation on the Security Server Network Authentication Service to assure that your configuration file corresponds to your security encryption specification.

Kerberos Realm Definition Symmetry

The encryption levels of mutually defined systems in a TCP/IP network must specify equal encryption levels to ensure handshake:

LOCAL REALM A
KERBPASS: X

LOCAL REALM B
KERBPASS: Y

FOREIGN REALM B
KERBPASS: Y

FOREIGN REALM A
KERBPASS: X

For z/OS 1.8 and below:

For z/OS 1.9 and above, KERBLVL is ignored, all levels are supported.

When used with REALM, this keyword has the following format:

TSS ADD(SDT) REALM(KERBDFLT|foreign_realm) 
             REALMNAME(realmname)
             ENCRYPT('[DES|NODES] [DES3|NODES3] [DESD|NODESD] 
                      [AES128|NOAES128][AES256|NOAES256]')
             KERBPASS(password)

When used with Kerberos, this keyword has the following format:

TSS ADD(acid) KERBNAME(kerbname)
              ENCRYPT('[DES|NODES] [DES3|NODES3] [DESD|NODESD] 
                       [AES128|NOAES128][AES256|NOAES256]')
ENCRYPT

Default: DES DES3 DESD AES128 AES256

The keyword is used with: