Environment
Novell Identity Manager Driver - Mainframe ACF2 Fanout
Novell Identity Manager Driver - Mainframe ACF2 Bi-directional
Novell Identity Manager Driver - Mainframe RACF Bi-directional
Novell Identity Manager Driver - Mainframe RACF Fan Out
Novell Identity Manager Driver - Mainframe Top Secret Bi-directional
Novell Identity Manager Driver - Mainframe Top Secret Fan Out
Novell Identity Manager Driver - Midrange OS/400 Bi-directional
Novell Identity Manager Driver - Midrange OS/400 Fan Out
Situation
What issues exist when syncing passwords from eDirectory to
mainframe or mid-range computers?
Resolution
There is a limit of 8 characters on passwords for
mainframes. For mid-range computers, the limit is
10 or 128 characters, depending on the mid-range computer's
settings.
Fan-out Driver
Mainframes
In the fan-out driver, password sync does not occur
directly. It doesn't receive passwords from the receiver, but
it can update the local RACF database if a user successfully logs
on to the mainframe. During authentication redirection, users can
only type 8 characters on the terminal.
Midrange
The fan-out driver does not do redirection, but it will send
password changes through the receiver to the midrange
computer.
Bi-directional Driver
In the bi-directional driver (not fan-out), passwords are not
truncated by default. A policy would need to be added to
truncate them.
If a password that is too long comes through from Universal Password
to a mainframe, the mainframe will reject it and return an error
in the status document for that password change.
Mainframe reason for the 8-character limit
Up until recent versions of z/OS, 8 characters was all that
the operating system permitted. In more recent
versions, RACF introduced a "pass-phrase" that can be used instead
of a password. Applications and system entry points like
logon screens will have to be modified to support it.
Currently, Novell does not support that feature.
Due to limitations on the mapping of special characters, special
characters may get set to a different character, so they should be
avoided. If they are standard EBCDIC characters, they will be fine.
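The length limits and the character-mapping caveat above can be checked before a password is sent to a connected system. The following Python code is an added example, not Novell code. The target names, the function names and the choice of cp037 and cp500 as the EBCDIC code pages to compare are assumptions, since this document does not name the code pages involved.

```python
from dataclasses import dataclass, field

# Length limits as stated in this document.
LIMITS = {"mainframe": 8, "midrange-10": 10, "midrange-128": 128}

# Assumption: the document does not name the EBCDIC code pages involved.
# cp037 and cp500 are two common ones, compared here for illustration.
CODE_PAGES = ("cp037", "cp500")


@dataclass
class Finding:
    too_long: bool = False
    limit: int = 0
    unstable: list = field(default_factory=list)

    @property
    def ok(self):
        return not self.too_long and not self.unstable


def unstable_chars(password, code_pages=CODE_PAGES):
    """Characters that lack one identical byte value in every code page."""
    bad = set()
    for ch in password:
        encodings = set()
        for cp in code_pages:
            try:
                encodings.add(ch.encode(cp))
            except UnicodeEncodeError:
                encodings.add(None)  # not representable in this code page
        if len(encodings) != 1 or None in encodings:
            bad.add(ch)
    return sorted(bad)


def check_password(password, target):
    """Check a candidate password against a target's limit and mappings."""
    limit = LIMITS[target]
    return Finding(too_long=len(password) > limit, limit=limit,
                   unstable=unstable_chars(password))


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for pw, target in [("Summer24", "mainframe"), ("Summer2024!", "mainframe"),
                       ("Summer2024!", "midrange-128")]:
        f = check_password(pw, target)
        print(target, "ok" if f.ok else f"too_long={f.too_long} unstable={f.unstable}")
```

The result object carries only the flagged characters and the limit, so a caller can report a failure without writing the password itself to a log.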