Creating and using a RACF PassTicket

When you call RACF®, a general PassTicket generator algorithm uses special input information to create a unique PassTicket. The PassTicket is an 8-character alphanumeric string that contains the characters A through Z and 0 through 9.

The algorithm generates a PassTicket using the following four input values:
  • A RACF host user ID
  • The PTKTDATA class profile name (also known as the application id)
  • The RACF Secured Signon application key, which is contained in the PTKTDATA profile
  • The required time and date input data from the application that is providing the logon function
    Requirement: For RACF to properly evaluate PassTickets, the TOD clock must be set to GMT rather than local time.
Start of changeFor Java™ Database Connectivity (JDBC) applications that connect to IMS DB by running the SQL Batch utility, the utility generates a PassTicket if all of the following conditions are met:
  • Both the IRRRacf.jar and ibmjzos.jar files are in the job's class path.
  • In the applName URL property of the DriverManager.getConnection method, the 1- to 8-character application name that is defined to RACF in the PTKTDATA class for DRDA client access to IMS DB is specified.
  • The following values are the same as each other:
    • The value of the applName URL property of the DriverManager.getConnection method.
    • The value of the APPL= parameter of the ODACCESS statement, which is in the HWSCFGxx member of the IMS PROCLIB data set.
  • On the JOB statement of the JCL for the SQL Batch utility, the z/OS® user ID that is associated with the job is specified.
End of change