Level 2 includes Level 1 authentication plus an additional step -- verification that the DCAS client certificate has been associated in RACF with a valid user ID, which must be the user ID that DCAS is running under.
To configure DCAS for Level 2 authentication:
- Specify the CLIENTAUTH LOCAL2 keyword and value in the DCAS server configuration file.
- Use FTP (with the BINARY send option) to send the DCAS client's DER certificate to an MVS dataset.
- Use the RACDCERT ADD command to add the certificate to RACF and associate it with a user ID, as shown in this example:
  RACDCERT ID(dcasid) ADD('DCAS.HOSTPUB.CERT') TRUST
where dcasid is the name of the user ID.
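
A check for the BINARY transfer step, added here as an example and not part of the original documentation: it confirms that a certificate file is one complete DER object rather than PEM text or a copy altered by a non-binary transfer. The function name `der_status` and the sample bytes are assumptions constructed for illustration.

```python
"""Check that a certificate file is binary DER before and after an FTP BINARY transfer."""
import sys


def der_status(data: bytes) -> str:
    """Return 'ok', or the reason the bytes are not one complete DER object."""
    if data.lstrip().startswith(b"-----BEGIN"):
        return "pem"                      # Base64 text, not DER
    if len(data) < 2 or data[0] != 0x30:
        return "not-der"                  # a certificate is an ASN.1 SEQUENCE (tag 0x30)
    first = data[1]
    if first < 0x80:                      # short form: length held in one byte
        header, length = 2, first
    elif first == 0x80:
        return "not-der"                  # indefinite length is BER, not DER
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if len(data) < 2 + n:
            return "length-mismatch"
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    # The outer SEQUENCE must account for every byte in the file.
    return "ok" if header + length == len(data) else "length-mismatch"


# Constructed samples: an outer SEQUENCE header around filler bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n"
# Constructed stand-ins for a file that was not sent in BINARY mode:
SAMPLE_NEWLINES = SAMPLE_DER.replace(b"\n", b"\r\n")   # line endings rewritten
SAMPLE_TRANSLATED = b"\xf0" + SAMPLE_DER[1:]           # ASCII '0' (0x30) became EBCDIC '0' (0xF0)

if __name__ == "__main__":
    # Usage: python der_check.py client.der [copy_fetched_back.der ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, der_status(fh.read()))
```

Run it on the local file before sending, and again on a copy retrieved from the dataset in BINARY mode; both should report `ok`.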