Overview #Resource Access Control Facility (RACF) is a provides the tools to help the installation manage access to critical resources.
Resource Access Control Facility fulfills the main features:
- Identification and verification of a user via UserId and password check (authentication)
- Identification, classification and protection of system resources
- Maintenance of access rights to Protected Resources (authorization)
- Control the means of access to Protected Resources
- Logging of accesses to a protected system and Protected Resources (auditing)
Resource Access Control Facility establishes security policies rather than just permission records. It can set permissions for file patterns — that is, set the permissions even for files that do not yet exist. Those permissions are then used for the file (or other object) created at a later time.
Resource Access Control Facility has continuously evolved to support such modern security features as digital certificates/Public Key Infrastructure services, LDAP interfaces, and case-sensitive IDs/passwords. The latter is a reluctant concession to promote interoperability with other systems, such as Unix and Linux. The underlying zSeries hardware works closely with RACF. For example, digital certificates are protected within tamper-proof cryptographic processors. Major mainframe subsystems, especially DB2 Version 8, use RACF to provide multi-level security (MLS).RACF any password with 8 characters or less sets the RACF password for that user. Otherwise, it sets the Password Phrase for that user.
Ran Across Today (2018-09-05)#Ldapwiki heard that on RACF Password Policy, based on the underlying System Authorization Facility (SAF) that the password change interval was an 8 bit filed and therefore can only be 0-254 days.
More Information #There might be more information for this subject on one of the following:
- [#1] - http://en.wikipedia.org/wiki/Resource_Access_Control_Facility - based on 2013-04-10