Domain: | SECURITY-ADMINISTRATION |
Privileges: | SECURITY-ADMINISTRATION STD-PROCESSING |
The CONVERT-KEYTAB command converts the Keytab output file of the ktpass command into a procedure file with corresponding SECOS commands.
The transfer of the Keytab output file to the BS2000 system can be controlled by the specification of a corresponding TRANSFER-ADMISSION and a partner system.
In this case the file path has to be specified in the admission profile and the name of the Keytab output file in the partner system has to be specified in the command parameter.
If openFT is not available the Keytab output file has to be transferred with FTP in binary mode to the BS2000 system.
Usage conditions
The CONVERT-KEYTAB commandrequires SDF-P.
For the creation and execution of the procedure file the security administrator additionally must possess the privilege STD-PROCESSING.
Therefore
the SRPMOPT option (file: SYSSSI.SRPMOPT.<version>) SECURITY-ADMIN-STD-PROCESSING=Y has to be set,
and
The security administrator must assign the privilege STD-PROCESSING to himself.
CONVERT-KEYTAB |
KEYTAB-FILE = CONVKTAB.KEYTAB / <filename 1..54> / <c-string 1..512 with-low> , JCL-FILE = CONVKTAB.JCL / <filename 1..54> , TRANSFER-ADMISSION = *NONE / <alphanum-name 8..32> / <c-string 8..32 with-low> / <x-string 15..64> , PARTNER-NAME = *NONE / <name 1..8> , ENTRY-IDENTIFICATION = *STD / <name 1..8> |
KEYTAB-FILE = CONVKTAB.KEYTAB / <filename 1..54> / <c-string 1..512 with-low>
Name of the Keytab output file of the ktpass command. Depending on the TRANSFER-ADMISSION operand the name refers to
the Keytab output file transferred to the BS2000 system (TRANSFER-ADMISSION = *NONE)
or the Keytab output file in Windows (in all other cases).
Default is CONVKTAB.KEYTAB, which is the default name of a Keytab output file transferred to the BS2000.
KEYTAB-FILE = <filename 1..54>
This format is used for the specification of the name of a Keytab output file transferred to the BS2000 system.
KEYTAB-FILE = <c-string 1..512 with-low>
This format is used for the specification of the name of a Keytab output file of the ktpass command in the Windows system (not case sensitive).
JCL-FILE = CONVKTAB.JCL / <filename 1..54>
Specifies the name of the file that contains the corresponding SECOS commands. This file must be executed under the user ID of the security administrator (privilege SECURITY-ADMINISTRATION).
Default: CONVKTAB.JCL.
TRANSFER-ADMISSION = *NONE / <alphanum-name 8..32>
Specifies whether the Keytab output file has to be transferred to the BS2000 system with openFT.
TRANSFER-ADMISSION = *NONE
The Keytab output file has already been transferred to the BS2000 system.
TRANSFER-ADMISSION = <alphanum-name 8..32> / <c-string 8..32 with-low> / <x-string 15..64>
openFT transfer admission in the remote system.
PARTNER-NAME = *NONE / <name 1..8>
Name of the partner system from which the Keytab output file has to be transferred.
PARTNER-NAME = *NONE
Kein Partnerrechner angegeben.
PARTNER-NAME = <name 1..8>
Partner system from which the Keytab output file has to be transferred.
ENTRY-IDENTIFICATION = *STD / <name 1..8>
Identification of the entry in the BS2000 key table.
ENTRY-IDENTIFICATION = *STD
Default entry.
ENTRY-IDENTIFICATION = <name 1..8>
Identification of the entry in the BS2000 key table.
Restrictions
The CONVERT-KEYTAB command at present only processes Keytab output files with the following properties:
max. file size: 4096 Byte
KEYTAB version x'502'