IBM Systems Magazine, Mainframe - May/June 2018 - 12

CURRENTS

*

*

and nationals (@#$). The
possible combinations of
passwords are 39**8, or
5,352,009,260,481.
By adding mixed-case
passwords to the above,
there are 65 possible
options for each space. This
is a number of 65**8, or
318,644,812,890,625 possible
eight-character passwords.
Taking it one step farther,
with the addition of 14
special characters, the
possible combinations
go to 79**8, or
1,517,108,809,906,561

Beyond the EightCharacter Password
Beyond the eight-character
password, RACF offers other
options for authenticating
with the mainframe. These will
be described in the following
sections.
Password Phrase
A password phrase is a character
string consisting of mixed-case
letters, numbers and special
characters including blanks.
RACF enforces a basic set of
syntax rules to establish strength
in password phrases, including:
*
*

*

*

*

*

Maximum length of 100
characters
Minimum length of nine
characters, when a RACF
exit is used
Is present and allows the new
value, 14 characters, when
ICHPWX11 isn't present
Must not contain the user
ID (as sequential uppercase
or sequential lowercase
characters)
Must contain at least two
alphabetic characters ("A"
through "Z" or "a" through "z")
Must contain at least two
non-alphabetic characters
(numerics, punctuation or

*

special characters)
Must not contain more than
two consecutive characters
that are identical

PassTicket
The RACF PassTicket function
allows a workstation to
communicate without using a
RACF password or password
phrase. This secured signon
function (i.e., PassTicket) creates
a one-time-use token that isn't
reusable and is time dependent.
The PassTicket is a one-time-only
password that's generated by the
requesting product or function.
End users of the application use
the PassTicket to authenticate.
Digital Certificate
A digital certificate is a digital
document issued by a trusted third
party that binds an end entity
to a public key. Two parties are
involved in the use of certificates.
One party uses a certificate to
identify itself, the other party must
validate it. This process is referred
to as a handshake. The protocol
that's used is SSL/Transport
Level Security. For the handshake
process to work, both parties must
store the certificates in their own
certificate store (also referred as a
keystore or a key database).
Network Authentication Service
Kerberos performs authentication
as a trusted third-party
authentication service by using
conventional shared secret key
cryptography. Kerberos support
is provided via the Network
Authentication Service for z/OS.
It performs authentication as a
trusted third-party authentication
service by using conventional
shared secret-key cryptography.
Network Authentication Service
provides a means of verifying the
identities of principals, without
relying on authentication by the
host OS, without basing trust on

12 // MAY/JUNE 2018 ibmsystemsmag.com

W

A password
phrase is a
character string
consisting of
mixed-case
letters, numbers
and special
characters
including blanks

host addresses, without requiring
physical security of all the hosts
on the network, and under the
assumption that packets traveling
along the network can be read,
modified and inserted at will. The
Network Authentication Service
uses RACF to store and administer
information about principals
and realms.
IBM Multi-Factor
Authentication for z/OS
IBM Multi-Factor Authentication
for z/OS (IBM MFA) requires users
to authenticate with multiple
authentication factors during the
logon process. The main support
components for IBM MFA on z/OS
are the MFA server and RACF. This
MFA solution is designed to be very
flexible because it's not locked
to any particular authentication
factors. As new authentication
factors become available, they can
be added to MFA for z/OS without
requiring changes to the RACF
MFA infrastructure.
MFA raises the level of
assurance of mission-critical
systems with a flexible and tightly
integrated solution. MFA and the
RACF security server infrastructure
creates a layered defense by
requiring selected z/OS users
to log on with more than one
authentication factor including:
*
*

*

Something they know (e.g., a
password or security question)
Something they have (e.g.,
an ID badge or cryptographic
token device)
Something they are (e.g.,
a fingerprint)

Multiple Options
Multiple ways to authenticate with
RACF exist to provide a highly
securable z/OS environment. More
than one of the aforementioned
options could be the solution to
strengthen authentication to the
mainframe.


http://www.ibmsystemsmag.com

Table of Contents for the Digital Edition of IBM Systems Magazine, Mainframe - May/June 2018

Table of Contents
Editor's Desk: Good things in small packages
Trends: IBM LinuxONE and Linux on Z offer a differentiated infrastructure and open standards for running a premium microservices cloud
Currents: RACF offers different options to ensure a secure IBM Z system
Partner POV: Linux on IBM Z postitions clients to move forward with modern technologies and workloads
Cover Story: Flexibility Counts: Why clients rely on Linux on IBM Z and LinuxONE to deliver business value
Feature: Fresh, Flexible and New: IBM z14 Model ZR1 boasts more capacity in a smaller foorprint
Tech Showcase: How DevOps helps organizations keep up with the quickening pace of competition
Tech Corner: Engage IBM Db2 V12 for mobile with z/OS Distributed Data Facility or z/OS Connect
Administrator: Single-frame IBM z14 Model ZR1 brings the benefits of IBM Z to organizations of all sizes
Solutions: CleverView for TCP/IP on Linux V2.9, VitalSigns for FTP V3.1
Stop Run: Growing up around computers and the IBM culture led Matthew Cousens to work with the mianframe
Reference Point - Global Events, Education, Resources for Power Systems
2018 Mainframe Solutions Edition Product Index
IBM Systems Magazine, Mainframe - May/June 2018 - Intro
IBM Systems Magazine, Mainframe - May/June 2018 - Cover1
IBM Systems Magazine, Mainframe - May/June 2018 - Cover2
IBM Systems Magazine, Mainframe - May/June 2018 - 1
IBM Systems Magazine, Mainframe - May/June 2018 - Table of Contents
IBM Systems Magazine, Mainframe - May/June 2018 - 3
IBM Systems Magazine, Mainframe - May/June 2018 - Editor's Desk: Good things in small packages
IBM Systems Magazine, Mainframe - May/June 2018 - 5
IBM Systems Magazine, Mainframe - May/June 2018 - Trends: IBM LinuxONE and Linux on Z offer a differentiated infrastructure and open standards for running a premium microservices cloud
IBM Systems Magazine, Mainframe - May/June 2018 - 7
IBM Systems Magazine, Mainframe - May/June 2018 - 8
IBM Systems Magazine, Mainframe - May/June 2018 - 9
IBM Systems Magazine, Mainframe - May/June 2018 - Currents: RACF offers different options to ensure a secure IBM Z system
IBM Systems Magazine, Mainframe - May/June 2018 - 11
IBM Systems Magazine, Mainframe - May/June 2018 - 12
IBM Systems Magazine, Mainframe - May/June 2018 - 13
IBM Systems Magazine, Mainframe - May/June 2018 - Partner POV: Linux on IBM Z postitions clients to move forward with modern technologies and workloads
IBM Systems Magazine, Mainframe - May/June 2018 - 15
IBM Systems Magazine, Mainframe - May/June 2018 - Cover Story: Flexibility Counts: Why clients rely on Linux on IBM Z and LinuxONE to deliver business value
IBM Systems Magazine, Mainframe - May/June 2018 - 17
IBM Systems Magazine, Mainframe - May/June 2018 - 18
IBM Systems Magazine, Mainframe - May/June 2018 - 19
IBM Systems Magazine, Mainframe - May/June 2018 - Feature: Fresh, Flexible and New: IBM z14 Model ZR1 boasts more capacity in a smaller foorprint
IBM Systems Magazine, Mainframe - May/June 2018 - 21
IBM Systems Magazine, Mainframe - May/June 2018 - 22
IBM Systems Magazine, Mainframe - May/June 2018 - 23
IBM Systems Magazine, Mainframe - May/June 2018 - 24
IBM Systems Magazine, Mainframe - May/June 2018 - Tech Showcase: How DevOps helps organizations keep up with the quickening pace of competition
IBM Systems Magazine, Mainframe - May/June 2018 - 26
IBM Systems Magazine, Mainframe - May/June 2018 - 27
IBM Systems Magazine, Mainframe - May/June 2018 - 28
IBM Systems Magazine, Mainframe - May/June 2018 - 29
IBM Systems Magazine, Mainframe - May/June 2018 - Tech Corner: Engage IBM Db2 V12 for mobile with z/OS Distributed Data Facility or z/OS Connect
IBM Systems Magazine, Mainframe - May/June 2018 - 31
IBM Systems Magazine, Mainframe - May/June 2018 - 32
IBM Systems Magazine, Mainframe - May/June 2018 - 33
IBM Systems Magazine, Mainframe - May/June 2018 - 34
IBM Systems Magazine, Mainframe - May/June 2018 - Administrator: Single-frame IBM z14 Model ZR1 brings the benefits of IBM Z to organizations of all sizes
IBM Systems Magazine, Mainframe - May/June 2018 - 36
IBM Systems Magazine, Mainframe - May/June 2018 - 37
IBM Systems Magazine, Mainframe - May/June 2018 - 38
IBM Systems Magazine, Mainframe - May/June 2018 - Solutions: CleverView for TCP/IP on Linux V2.9, VitalSigns for FTP V3.1
IBM Systems Magazine, Mainframe - May/June 2018 - Stop Run: Growing up around computers and the IBM culture led Matthew Cousens to work with the mianframe
IBM Systems Magazine, Mainframe - May/June 2018 - Cover3
IBM Systems Magazine, Mainframe - May/June 2018 - Cover4
IBM Systems Magazine, Mainframe - May/June 2018 - Reference Point - Global Events, Education, Resources for Power Systems
IBM Systems Magazine, Mainframe - May/June 2018 - 2018 Mainframe Solutions Edition Product Index
IBM Systems Magazine, Mainframe - May/June 2018 - SE2
IBM Systems Magazine, Mainframe - May/June 2018 - SE3
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/relevantz_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2019mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20181112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2018mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20171112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_sesupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_linuxsupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20161112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/MainframeSecurity
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20151112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910_se
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910
http://www.ibmsystemsmagmainframedigital.com/MFSkills
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506_supp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20141112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_gt_201405
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/BigData
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20131112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20121112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/buyersguide2013
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/ibmsystems_mainframe_2012bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20111112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20101112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910_bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20091112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090506
http://www.nxtbook.com/nxtbooks/ibmsystemsmag/mainframe_20090304
http://www.nxtbook.com/nxtbooks/mspcomm/ibmsystems_mainframe_200901
http://www.nxtbookMEDIA.com