Users can be identified and authenticated by means of a digital certificate presented to a z/OS server application that uses System SSL or TCP/IP Application Transparent TLS (AT-TLS) or a z/OS LDAP Server and then mapped to an ACF2 logonid.
The following applications support client authentication via digital certificates when using SSL/TLS sessions:
- TN3270, using the Express Logon Feature (ELF) and the Digital Certificate Application Server (DCAS)
- HTTP server
An encryption card or any other hardware is not required on the z/OS side.