RACF certificate name filtering

With certificate name filtering, distinct client certificates do not have to be defined to RACF for every individual user.

The association between one or more certificates and a RACF® user ID is achieved by defining a filter rule that matches the distinguished name of the certificate owner or issuer (CA). A sample filter rule might look like this:
RACDCERT ID(DEPT3USR) MAP SDNFILTER(OU=DEPT1.OU=DEPT2.O=IBM.L=LOC.SP=NY.C=US)
This sample filter rule associates user ID DEPT3USR with every certificate whose owner's distinguished name contains the organizational units DEPT1 and DEPT2, the organization IBM®, the locality LOC, the state/province NY and the country US.
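
The following is an added illustration, not IBM code and not part of the original page: a simplified Python model of which certificates the sample filter maps to DEPT3USR. It assumes the filter is compared, RDN by RDN and exactly, against the trailing portion of the owner's distinguished name; the function names and the sample subject names are constructed for this example.

```python
import re

# Filter value taken from the sample RACDCERT MAP command above.
SDN_FILTER = "OU=DEPT1.OU=DEPT2.O=IBM.L=LOC.SP=NY.C=US"

def split_rdns(dn):
    """Split a period-separated DN into its attribute=value components.

    Assumption of this sketch: a period only separates components when it
    is followed by "<letters>=", so a value such as CN=host.example.test
    stays in one piece.
    """
    return re.split(r"\.(?=[A-Za-z]+=)", dn)

def filter_matches(subject_dn, sdn_filter=SDN_FILTER):
    """True if the filter equals the trailing components of the subject DN."""
    subject, wanted = split_rdns(subject_dn), split_rdns(sdn_filter)
    return len(subject) >= len(wanted) and subject[-len(wanted):] == wanted

def mapped_subjects(subject_dns, sdn_filter=SDN_FILTER):
    """Return the subject DNs that the filter would associate with the user ID."""
    return [dn for dn in subject_dns if filter_matches(dn, sdn_filter)]

# Constructed sample subject names (not taken from any real certificate).
SAMPLE_SUBJECTS = [
    "CN=Alice Example.OU=DEPT1.OU=DEPT2.O=IBM.L=LOC.SP=NY.C=US",
    "CN=host.example.test.OU=DEPT1.OU=DEPT2.O=IBM.L=LOC.SP=NY.C=US",
    "CN=Bob Example.OU=DEPT2.O=IBM.L=LOC.SP=NY.C=US",            # DEPT1 missing
    "CN=Carol Example.OU=DEPT2.OU=DEPT1.O=IBM.L=LOC.SP=NY.C=US", # OUs in other order
    "CN=Dave Example.OU=DEPT1.OU=DEPT2.O=IBM.L=LOC.SP=NY.C=GB",  # different country
]

if __name__ == "__main__":
    for dn in SAMPLE_SUBJECTS:
        verdict = "DEPT3USR" if filter_matches(dn) else "no match"
        print(f"{verdict:9}  {dn}")
```

Every certificate under the named organizational units resolves to the same user ID in this model, so reviewing a filter means reviewing which certificate authorities can issue names in that subtree.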



Last updated: Tuesday, 19 November 2013


https://ut-ilnx-r4.hursley.ibm.com/tgzos_latest/help/topic/com.ibm.cics.tg.zos.doc//ctgzos/racfnamfil.html