Administering HostIdMappings extensions

You can add a HostIdMappings extension to certificates you create for certain users, allowing you to specify the user IDs that each user is able to use for login to particular servers (or hosts). Controlling an identity that is used for login purposes is an important security objective. Therefore, you must exercise administrative control in the following areas by authorizing:
  • PKI Services as a highly trusted certificate authority whose certificates are honored when they contain HostIdMappings extensions
  • Particular servers to accept logins from clients whose certificates contain HostIdMappings extensions
Parent topic: RACF administration for PKI Services