Can IBM LDAP update the CA Top Secret Security File for z/VSE

Document ID : KB000016620
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

Can IBM LDAP be used to update the CA Top Secret for z/VSE Security File?

Question:

Can IBM LDAP be used to update the CA Top Secret for z/VSE Security File?

Answer:

IBM LDAP currently doesnt have the ability to update the CA Top Secret for z/VSE security file.

CA Technologies has its own version of  LDAP called  CA LDAP, but only runs on the z/OS platform. There arent any versions that run on z/VM/ z/VSE or z/Linux.

CA LDAP allows you to issue security checks, authenticate, extract information from the security file and make TSS administrative changes to CA Top Secret for z/OS.

CA PAM allows you to validate signons on z/Linux. It requires CA LDAP. When a signon occurs in z/Linux, CA PAM will make a call to CA LDAP and authenticate the userid and password. This means the userid and password must exist on CA Top Secret for z/OS.

If the validation is successful or unsuccessful, we let CA PAM know and it allows or fails the signon on z/Linux.

Currently there is no equivalent of CA PAM that runs on z/VM and z/VSE.