Changing the runtime user ID
z/OS Cryptographic Services PKI Services Guide and Reference SA23-2286-00
When the PKI Services CGIs are called, they are assigned a runtime user ID. This is the identity that is associated with the unit of work (task). This identity must be authorized to call the function being requested. (See RACF administration for PKI Services for more information.) Most of the templates run under the surrogate user ID (PKISERV) for requesting a certificate and for subsequently retrieving it. There are two exceptions:
The advantage of having PKISERV as the runtime user ID is that this is the only user ID that needs to be authorized for requesting certificates. The advantage of using the client's user ID is that you have greater control over who can request and retrieve certificates. For example, you can require the user to authenticate by entering a user ID and password before requesting or retrieving a certificate.

You can control the user ID under which a certificate request or retrieval runs by selectively commenting and uncommenting FORM statements in the pkiserv.tmpl file. (For requesting a certificate, the FORM statements are in the appropriate TEMPLATE section, in the CONTENT subsection. For retrieving a certificate, the FORM statements are in the appropriate TEMPLATE section, in the RETRIEVECONTENT subsection.)

There are three levels of access control for requesting and retrieving certificates:
The IBM HTTP Server configuration file enforces these three levels of access control. The default configuration for PKI Services maps the three levels of access control to the following CGI directories:
Each certificate template contains several FORM statements (two commented out and one uncommented, which is active) that determine which of these applies. You can change the access control by uncommenting one of the FORM statements that is commented out and commenting out the one that is active.
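After editing pkiserv.tmpl, it is worth checking that every CONTENT and RETRIEVECONTENT subsection still has exactly one active FORM statement and that it points where you intended. The following is an added example, not IBM's code or part of the original page. It assumes comment lines begin with `#`, each FORM statement and its ACTION sit on one line, and section tags are written `<TEMPLATE NAME=...>`, `<CONTENT>` and `<RETRIEVECONTENT>`; the directory and CGI names in the sample are constructed placeholders.

```python
import re

# Assumed syntax (not stated on the page): '#' starts a comment line and
# each FORM statement, including its ACTION, is written on a single line.
SECTION = re.compile(
    r'^\s*<(/?)(TEMPLATE|CONTENT|RETRIEVECONTENT)\b(?:\s+NAME=([^>]*))?>', re.I)
FORM = re.compile(r'^(\s*#)?\s*<FORM\b[^>]*?\bACTION\s*=\s*"?([^"\s>]+)', re.I)

def audit_forms(text):
    """Map (template, subsection) -> active and commented FORM ACTION paths."""
    result, template, sub = {}, None, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            closing, tag, name = m.group(1), m.group(2).upper(), m.group(3)
            if tag == "TEMPLATE":
                template, sub = (None if closing else (name or "").strip()), None
            else:
                sub = None if closing else tag
            continue
        f = FORM.match(line)
        if f and template and sub:
            entry = result.setdefault((template, sub),
                                      {"active": [], "commented": []})
            entry["commented" if f.group(1) else "active"].append(f.group(2))
    return result

def violations(report):
    """Subsections that do not have exactly one active FORM statement."""
    return sorted(k for k, v in report.items() if len(v["active"]) != 1)

# Constructed sample: placeholder paths, not the real PKI Services directories.
SAMPLE = """\
<TEMPLATE NAME=Constructed Template One>
<CONTENT>
<FORM NAME=f METHOD=POST ACTION="/LEVEL-A-PLACEHOLDER/request.cgi">
#<FORM NAME=f METHOD=POST ACTION="/LEVEL-B-PLACEHOLDER/request.cgi">
#<FORM NAME=f METHOD=POST ACTION="/LEVEL-C-PLACEHOLDER/request.cgi">
</CONTENT>
<RETRIEVECONTENT>
<FORM NAME=f METHOD=POST ACTION="/LEVEL-A-PLACEHOLDER/retrieve.cgi">
<FORM NAME=f METHOD=POST ACTION="/LEVEL-B-PLACEHOLDER/retrieve.cgi">
#<FORM NAME=f METHOD=POST ACTION="/LEVEL-C-PLACEHOLDER/retrieve.cgi">
</RETRIEVECONTENT>
</TEMPLATE>
"""

if __name__ == "__main__":
    report = audit_forms(SAMPLE)
    for key in violations(report):
        print("not exactly one active FORM:", key, report[key]["active"])
```

In the sample, the RETRIEVECONTENT subsection is flagged because two FORM statements were left uncommented, which makes the effective access level ambiguous.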
Copyright IBM Corporation 1990, 2014