Download PDF - IBM Redbooks
Digital certificates: Digital certificates are provided free of charge with your RACF installation. Organizations often pay for the capacity to verify digital certificates by using one of the trusted, well-known public CAs, such as VeriSign. An alternative is to use RACF as your intracompany CA and avoid substantial costs. With coordination between your company and business partners, you can extend this RACF CA beyond your company perimeter and potentially save more money on third-party CA validations.
Configuring and activating a PAGENT policy agent
The PAGENT runs as a UNIX process, so it can be started either from the z/OS UNIX System Services shell or as a z/OS started task. In our example, we use the z/OS started task procedure to start the policy agent. To start the policy agent as a z/OS started task, you can use the started task procedure in Example 8-19.
Example 8-19 Started procedure for the PAGENT policy agent
//PAGENT   PROC
//*
//PAGENT   EXEC PGM=PAGENT,REGION=0K,TIME=NOLIMIT,
//       PARM='ENVAR("_CEE_ENVFILE=DD:STDENV")/'
//*
//* Example of passing parameters to the program (parameters must
//* extend to column 71 and be continued in column 16):
//*      PARM='ENVAR("_CEE_ENVFILE=DD:STDENV")/-c /etc/pagent3.conf -l
//*             SYSLOGD'
//*
//* Provide environment variables to run with the desired
//* configuration. As an example, the data set or file specified by
//* STDENV could contain:
//*
//*   PAGENT_CONFIG_FILE=/etc/pagent.sc59.conf
//*   PAGENT_LOG_FILE=/tmp/pagent.sc59.log
//*   LIBPATH=/usr/lib
//*   TZ=EST5EDT4
//*
//* For information on the above environment variables, refer to the
//* IP Configuration Reference. Other environment variables can also
//* be specified via STDENV.
//* Sample HFS file containing environment variables:
//STDENV   DD PATH='/etc/pagent.sc59.env',PATHOPTS=(ORDONLY)
//*
//SYSPRINT DD SYSOUT=*
//SYSOUT   DD SYSOUT=*
//*
//CEEDUMP  DD SYSOUT=*,DCB=(RECFM=FB,LRECL=132,BLKSIZE=132)
You can also find a sample started task procedure for PAGENT in TCPIP.SEZAINST(EZAPAGSP).
Setting up the PAGENT-started task: To set up the PAGENT-started task for RACF, you must define a profile for it to the RACF generic resource class, called STARTED, using the RDEFINE command.
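One way to make the STARTED definition described above, as an added example that is not from the Redbook: a batch TSO job that creates a protected user ID and maps the PAGENT procedure to it. The user ID PAGENT, the group OMVSGRP, UID(0) and the JOB card values are assumptions to replace with your site's own.

```jcl
//RACFPAG  JOB (ACCT),'PAGENT RACF',CLASS=A,MSGCLASS=X
//*
//* Added example, not from the Redbook. Assumptions: user ID PAGENT,
//* group OMVSGRP and the JOB card values are placeholders.
//*
//* ADDUSER  - NOPASSWORD creates a protected user ID, so nobody can
//*            log on as the started task identity; UID(0) is an
//*            assumption (check what your release requires).
//* RDEFINE  - maps procedure PAGENT (any job name) to that user ID;
//*            TRUSTED(NO) and PRIVILEGED(NO) keep normal RACF
//*            authorization checking in force for the task.
//* SETROPTS - refreshes the in-storage STARTED profiles.
//* RLIST    - displays the profile so the mapping can be verified.
//*
//DEFINE   EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  ADDUSER PAGENT DFLTGRP(OMVSGRP) NOPASSWORD -
    OMVS(UID(0) HOME('/'))
  RDEFINE STARTED PAGENT.* -
    STDATA(USER(PAGENT) GROUP(OMVSGRP) TRUSTED(NO) PRIVILEGED(NO))
  SETROPTS RACLIST(STARTED) REFRESH
  RLIST STARTED PAGENT.* STDATA
/*
```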
The policy agent is responsible for reading policies from configuration files, a Lightweight Directory Access Protocol (LDAP) server, or both. However, AT-TLS policies can be defined
128 Running SAP Solutions with IBM DB2 10 for z/OS on the IBM zEnterprise System