Visit Citebite Deep link provided by Citebite
Close this shade
Skip to main content
    Country/region [select]      Terms of use
     Home      Products      Services & industry solutions      Support & downloads      My account     
Servers   >  

What's new in RACF

IBM is constantly enhancing functions or adding new functions to RACF. Read on:

  • z/OS V1.8

    z/OS V1.8
     is available! This z/OS release includes these new RACF functions:

    • Support for RACF pass phrases from 14 to 100 characters in length

    • Support for virtual key rings

    • New RACF checks for the IBM Health Checker for z/OS and enhancements to the RACF_SENSITIVE_RESOURCES check

  • z/OS V1.7

    z/OS V1.7 
     contains these new RACF functions:

    • Mixed-case passwords. Resource managers which support mixed-case passwords include:

      • z/OS V1R7
        • TSO/E
        • Console logon
        • JOB statements
        • z/OS UNIX functions

      • CICS Transaction Server 3.1

      • CICS Transaction Server 2.3 (with PTF)

      • CICS Transaction Server 2.2 (with PTF)

      • z/OS V1R7 Communications Server
        • FTP server
        • rshd 
        • rexecd 
        • RXSERVET
        • TN3270 server (for RestrictAppl and Unformated System Services (USS) functions)
        • telnet server
        • LPD server

      • DB2 V7 (with APAR PK23736)

      • DB2 V8 (with APAR PK23736)

      • DB2 V9

      • RMF Performance Monitoring Java Technology Edition

    • Creation of SMF type 80 records during user logon (RACROUTE
      REQUEST=VERIFY,ENVIR=CREATE) when you have SETR AUDIT(USER) specified and the user changes his/her password
    • Delegated resources (allowing access to some resources, e.g. crypto services/keys, based on the server identity rather than the client identity)

    • Keeping revoke dates in user profiles during ALTUSER ... RESUME processing

    • RACF support for IBM Health Checker for z/OS

    • Improved programming interfaces for PassTicket generation and evaluation, including Java support

    • Automatic RVARY SWITCH to backup RACF DB if RACF detects an I/O error on the primary and the device is marked as offline

    • Improved auditing and messages for the z/OS UNIX getpsent function to improve availability

    • Improved SETR INACTIVE processing, to allow SETR INACTIVE to apply to users who have never logged on if you created them with z/OS R7

    • New "extract" functions of R_admin to allow programs to perform LISTUSER and LISTGRP functions and get the output back in a form that is: 

      • complete (no 4096 line limit)

      • easier to process (structured, rather than unstructured output as you get from the command processors today)

      • defined as a programming interface

  • z/OS Common Criteria Certification

    On March 11,2005, BSI awarded IBM EAL3+ certification for its flagship operating system z/OS 1.6 with the RACF optional feature. The certification encompasses Controlled Access Protection Profile (CAPP) EAL3+ and Labeled Security Protection Profile (LSPP) EAL 3+. z/OS 1.5 and later with the RACF optional feature and DB2 Version 8, provides a multilevel security (MLS) solution.

    Common Criteria Security Certification contains additional information.

  • Guest LAN and Virtual Switch Protection in RACF for z/VM

    With RACF for z/VM APAR VM63452, and z/VM V5R1 (generally available as of September 24, 2004), virtual networking on z/VM is more secure than ever! RACF for z/VM can provide Guest Lan and Virtual Switch authorization, including Virtual LAN (VLAN) assignment. For more information on Guest LANs and Virtual Switches, see z/VM Version 5 Release 1 Connectivity  in the z/VM Version 5 Release 1 library. For more information on the RACF protection, see RACF Version 1 Release 10 Security Administrator's Guide  in the RACF Version 1 Release 10 library .

    This page was last updated  September 2006.

    About IBM Privacy Contact