3.3.1 Configuring DCAS and RACF

The z/OS administrator must configure DCAS (and RACF) to communicate with the MSS Administrative Server.

The administrator must also create a TLS key database file that contains both the DCAS client’s certificate information and the DCAS server's certificate (public key) information. The MSS Administrative Server and DCAS must exchange public keys and place them in the other's trusted store.

Detailed steps are presented in Appendix A. Configuring DCAS and RACF on z/OS.

In brief, the z/OS administrator will:

  1. Configure RACF services for DCAS.

  2. Configure DCAS and TLS on the z/OS mainframe.

  3. Set up key exchange between the DCAS server and TLS.

  4. Manage keys and certificates using RACF's Common key ring support.

  5. Define a PassTicket profile for each application.

  6. Configure the DCAS server.

  7. Start the DCAS server.

NOTE:If you use more than one DCAS server, you can configure each of them for Automated Sign-on. When you assign access to an automated sign-on session, you can choose which DCAS server to use.

When the z/OS setup is complete, continue with the configuration in MSS.

Appendix A. Configuring DCAS and RACF on z/OS

Task List for Administrators

4. Configure Authentication & Authorization

5. Establish trust between the MSS Administrative Server and the DCAS server