Using encrypted passwords for LDAP servers
z/OS Cryptographic Services PKI Services Guide and Reference SA23-2286-00
PKI Services uses an LDAP directory to store certificates. LDAP requires authenticating (binding) to the directory. You can do this by using a distinguished name and password. Passwords for binding (to multiple LDAP directories) can be encrypted or in clear text. The UNIX programmer, the LDAP programmer, or both determine whether to use encrypted LDAP bind passwords. You store information about passwords in the PKI Services configuration file, pkiserv.conf.

If you do not need the bind password for the LDAP server to be encrypted, you specify the values for Server1, AuthName1 and AuthPwd1 in the pkiserv.conf configuration file. If you want the bind password for the LDAP server to be encrypted, you can use either one of the following profiles:

Before creating either of the preceding profiles, the RACF® administrator defines the LDAP.BINDPW.KEY profile in the KEYSMSTR class. This profile contains a SSIGNON segment, which holds either the masked or encrypted value for the key that encrypts passwords stored in the RACF database. Then the RACF administrator creates either of the preceding profiles with a PROXY segment that stores the binding information (the server name, bind distinguished name, and password).
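
To find out which LDAP servers still bind with a clear-text password, the following added example (not part of the IBM guide or of PKI Services) scans configuration text for ServerN, AuthNameN and AuthPwdN entries and reports each server whose AuthPwdN is set. It assumes the keys appear as `key=value` lines with `#` comment lines; the host names, bind DN, password and the function name `find_cleartext_binds` are constructed for illustration.

```python
import re

# Constructed sample in the key=value style assumed for pkiserv.conf.
SAMPLE_CONF = """\
[LDAP]
# server 1 binds with a clear-text password
Server1=ldap1.example.com:389
AuthName1=CN=pkiadmin
AuthPwd1=s3cret
# server 2 has no password stored in the file
Server2=ldap2.example.com:389
AuthName2=CN=pkiadmin
AuthPwd2=
"""

# Matches the numbered keys named in the text: Server1, AuthName1, AuthPwd1, ...
KEY_RE = re.compile(r"^(Server|AuthName|AuthPwd)(\d+)\s*=\s*(.*)$")


def find_cleartext_binds(conf_text):
    """Return (index, server, bind_dn) for each LDAP server entry whose
    AuthPwdN holds a non-empty value, sorted by index."""
    entries = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments (assumed syntax)
        m = KEY_RE.match(line)
        if m:
            key, idx, value = m.group(1), int(m.group(2)), m.group(3).strip()
            entries.setdefault(idx, {})[key] = value
    findings = []
    for idx in sorted(entries):
        entry = entries[idx]
        if entry.get("AuthPwd"):
            findings.append((idx, entry.get("Server", ""), entry.get("AuthName", "")))
    return findings


if __name__ == "__main__":
    for idx, server, dn in find_cleartext_binds(SAMPLE_CONF):
        # Report where the password was found, never the password itself.
        print(f"AuthPwd{idx}: clear-text bind password for {server} as {dn}")
```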
Copyright IBM Corporation 1990, 2014