Overview #
Resource Access Control Facility (RACF) is a provides the tools to help the installation manage access to critical resources.Resource Access Control Facility works with the System Authorization Facility that provides Access Control and auditing functionality for the MVS operating systems. RACF was introduced in 1976.[1]
Resource Access Control Facility fulfills the main features[1]:
- Identification and verification of a user via UserId and password check (authentication)
- Identification, classification and protection of system resources
- Maintenance of access rights to Protected Resources (authorization)
- Control the means of access to Protected Resources
- Logging of accesses to a protected system and Protected Resources (auditing)
Resource Access Control Facility establishes security policies rather than just permission records. It can set permissions for file patterns — that is, set the permissions even for files that do not yet exist. Those permissions are then used for the file (or other object) created at a later time.
Resource Access Control Facility has continuously evolved to support such modern security features as digital certificates/Public Key Infrastructure services, LDAP interfaces, and case-sensitive IDs/passwords. The latter is a reluctant concession to promote interoperability with other systems, such as Unix and Linux. The underlying zSeries hardware works closely with RACF. For example, digital certificates are protected within tamper-proof cryptographic processors. Major mainframe subsystems, especially DB2 Version 8, use RACF to provide multi-level security (MLS).
Password Phrases#
Resource Access Control Facility RACF any password with 8 characters or less sets the RACF password for that user. Otherwise, it sets the Password Phrase for that user.Ran Across Today (2018-09-05)#
Ldapwiki heard that on RACF Password Policy, based on the underlying System Authorization Facility (SAF) that the password change interval was an 8 bit filed and therefore can only be 0-254 days.More Information #
There might be more information for this subject on one of the following:- [#1] - http://en.wikipedia.org/wiki/Resource_Access_Control_Facility
- based on 2013-04-10