Level 3 - Automated Sign-On for Mainframe Administrator Guide

Level 3

Level 3 includes Level 2 authentication plus verification that the DCAS client has been granted access in RACF to the DCAS server. The user ID that the Level 2 RACF checks derive from the certificate must be defined as having access to the SERVAUTH RACF class and to the EZA.DCAS.cvtsysname resource in that class.

NOTE:

  • If the SERVAUTH class is not active or the EZA.DCAS.cvtsysname profile is not defined, or both, it is assumed this enhanced level is not requested.

  • If the SERVAUTH class is active and the EZA.DCAS.cvtsysname profile is defined, but not for the user associated with the certificate, the requester’s connection is terminated. For example, the following commands define the profile and permit a user ID to it:

    RDEFINE SERVAUTH EZA.DCAS.cvtsysname UACC(NONE) 
    PERMIT EZA.DCAS.cvtsysname CLASS(SERVAUTH) ACCESS(CONTROL) ID(dcasid)

    where dcasid is the name of the user ID.

To configure DCAS for Level 3 authentication: 

  1. Specify the CLIENTAUTH LOCAL2 keyword and value in the DCAS configuration file.

  2. Activate the SERVAUTH RACF class.

  3. Define a profile for the EZA.DCAS.cvtsysname resource and associate the profile with the user ID associated with the certificate.

    The ID associated with the certificate and with the EZA.DCAS.cvtsysname profile can be any valid user ID.
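
Steps 2 and 3 as a RACF command sequence, followed by a verification step, because an inactive class or an undefined profile means Level 3 is treated as not requested. This is an added example, not taken from the product documentation; it assumes SERVAUTH is a RACLISTed class on your system and reuses the page's placeholders cvtsysname and dcasid.

```tso
 /* Added example. cvtsysname and dcasid are the page's placeholders:  */
 /* substitute the system name and the certificate's user ID.          */
 /* Step 1 is done separately: CLIENTAUTH LOCAL2 in the DCAS config.   */

 /* Step 2: activate SERVAUTH and keep its profiles in storage         */
 SETROPTS CLASSACT(SERVAUTH)
 SETROPTS RACLIST(SERVAUTH)

 /* Step 3: define the profile with no default access, then permit     */
 /* only the user ID associated with the client certificate            */
 RDEFINE SERVAUTH EZA.DCAS.cvtsysname UACC(NONE)
 PERMIT EZA.DCAS.cvtsysname CLASS(SERVAUTH) ACCESS(CONTROL) ID(dcasid)

 /* Assumption: the class is RACLISTed, so refresh to pick up changes  */
 SETROPTS RACLIST(SERVAUTH) REFRESH

 /* Verify: class is listed as active, profile exists, and dcasid      */
 /* appears in its access list                                         */
 SETROPTS LIST
 RLIST SERVAUTH EZA.DCAS.cvtsysname AUTHUSER
```

In the RLIST output, check that the universal access is NONE and that the access list contains only the IDs you intend to allow through DCAS.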