Preparation for implementation of CA Advanced Authentication Mainframe (AAM) or IBM?s Multi-Factor Authentication (MFA) support

Document ID : KB000009722
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

CA Top Secret Technical Documentation

Topic: Preparation for implementation of CA Advanced Authentication Mainframe or IBM Multi-Factor Authentication support

 

Release requirement: CA Top Secret r16.  Customers running CA Top Secret r15 or lower will need to upgrade to r16 across all LPARS before implementing CA Advanced Authentication Mainframe or IBM Multi-Factor Authentication.  Under no circumstances should an AAM or MFA implementation project begin until all LPARs have been successfully upgraded to CA Top Secret r16.

Instructions:

Steps to complete before leveraging CA Advanced Authentication Mainframe (AAM) or IBM Multi-FactorAuthentication (MFA):

Step 1: Implement CA Top Secret r16 including related toleration PTF RO92675 across all LPARs prior to beginning the implementation.

o   For ease of implementation RO92675 should be ACCEPTed via SMP/E prior to moving ahead to step 2.  This will allow sites to:

§  Successfully back out RO92696 should that become necessary.

§  Prevent problems should an LPAR unexpectedly be brought into a shared environment.

 

ALERT: If RO92675 is not ACCEPTed, make sure it is not RESTOREd while backing off any other maintenance.

 

Step 2: Install PTF RO92696 to bring in support for the AAM and MFA enhancement. 

  • This enhancement implements the following product changes:
    • Internal TSS security record elements in support of AAM and MFA
    • TSS command changes to allow MFA user and Control Option administration:
      • TSS ADD/REMOVE/PERMIT/REVOKE command updates
      • TSS MODIFY MFA Control Option updates
      • TSS LIST command output to allow display of user ACID AAM and MFA data
      • TSS MODIFY STATUS command output to allow display of AAM and MFA Control Option
      • TSS WHOHAS MFACTOR
    • TSSCFILE record types:
      • 5203    PWFALLBACK=
      • 5204    MFACTIVE=
      • 5206    TAGS=
      • 5207    Tag data continuation

ALERT: Attempting to implement AAM or MFA in a configuration where not all recommended maintenance has been applied can result in an unstable implementation and is highly discouraged.

 

 

Step 3: Begin implementation steps for AAM and MFA