Open JirkaAichler opened 1 year ago
I'm upvoting this request. We have customers using hardware private keys in RACF/Top Secret (ICSF), and just for ZOWE they have to create soft keys and are not happy about it.
Some related ICSF details in https://github.com/zowe/zss/issues/597.
We have another customer that would benefit from the ICSF support.
@MarkAckert Mark, do you think that the Marist system could be setup to support this hardware (ICSF) ?
I believe we have CSFSERV
configured on the Marist boxes with some access already in place; we can update user permissions on the box and stc permissions through ZWESECUR. Do we have a test case we can run to verify its working? And is this just an ESM configuration change to get this working, or is it paired with a code change?
The best way to validate the configuration is by generating an ICSF key ring.
I could not find any good documentation. This is probably the best that I found:
We have a test installation with private keys in ICSF. Which build/version is needed? Mine is a bit outdated, but I can update it quickly and test it.
I'm not sure if we have the code ready for this "feature". I'll leave it up to others to reply @1000TurquoisePogs @achmelo @balhar-jakub
correct, the code is not ready for testing of zlux. i would love to make the code available to @rudatp soon to know where to go next.
We have another customer looking for JCECCARACF keyring stored in the ICSF.
The latest discussion on the topic during the ZAC call discussed that:
Some customers are requesting support for different keyring types that are used in their mainframe security environments. They are interested primarily in the JCECCARACFKS keyring format.
What Zowe components support keyring? How difficult would be to implement it?
It should be simple to update Java-based applications: