Kerberos support

CICS® Transaction Server for z/OS® provides support for Kerberos.

CICS supports Kerberos using the external security manager (ESM). The level of support depends on the support provided by the ESM. If your ESM is RACF®, support is based on Kerberos Version 5 and Generic Security Services (GSS).

CICS can verify a Kerberos token by configuring a service provider pipeline or by using the API command VERIFY TOKEN.

The Kerberos service is enabled in the region by setting the KERBEROSUSER system initialization parameter. When you specify KERBEROSUSER, use a non-protected user ID to be associated with the Kerberos service principal for the CICS region.