Topic
2 replies Latest Post - ‏2013-03-12T08:48:23Z by SystemAdmin
SystemAdmin
SystemAdmin
270 Posts
ACCEPTED ANSWER

Pinned topic Using passtickets in CICS Explorer

‏2013-02-28T09:46:26Z |
Hi,

at our shop we got a means to generate RACF passtickets based on the Users Windows-Credentials which we use for most accesses to z/OS systems. Currently CICSExplorer is one of the few Applications where the user still has to enter their RACF-Password.

Is there any way to create a plugin to enable the use of generated passtickets instead of using passwords?

Thanks for any suggestions.
Updated on 2013-03-12T08:48:23Z at 2013-03-12T08:48:23Z by SystemAdmin
  • JoeWinchester
    JoeWinchester
    32 Posts
    ACCEPTED ANSWER

    Re: Using passtickets in CICS Explorer

    ‏2013-03-07T10:17:42Z  in response to SystemAdmin
    Hi,

    Currently there is no way to use passtickets with the CICS Explorer. It's something we've always thought we would do when someone asked for it - so thanks for your post.

    One thing that passtickets do is prevent the need for a password to ever flow "in clear text across a network connection (and in theory be vulnerable to some kind of man in the middle attack). If your TCP/IP connection is set to use SSL, and if the CICS Explorer connection is set to use SSL, then we will never flow the password or user ID in the clear. We made some improvements in CICS Explorer 5.1 for security (which doesn't need CICS TS 5.1 - it connects to all inservice releases of CICS and is our most current release)

    I'm keen to learn about how you envisage this should work in the CICS Explorer - who is it that generates the passticket - is it the user of the application who generates one that you'd want to copy and paste into the explorer - or would the explorer user request the passticket and get e-mailed it - or would you want the CICS Explorer to generate the passticket and then use it ?

    Best regards and many thanks,
    Joe Winchester
    • SystemAdmin
      SystemAdmin
      270 Posts
      ACCEPTED ANSWER

      Re: Using passtickets in CICS Explorer

      ‏2013-03-12T08:48:23Z  in response to JoeWinchester
      Hi,

      thanks for your answer.

      For the most part this is about our developers convenience.

      The plan runs along the following lines:
      When CICS-Explorer tries to establish a CICS-Connection it contacts our own Passticket-Factory that int the authenticates the user based on its Windows-Session (via Kerberos) and provides the passticket that is then used in the CICS-Request.

      My current thougts revolve around something like the ability to provide our own credentials-type via some plugin, so we would need an extension-point somewhere round there.

      Thanks in advance for considering this issue.

      Regards

      piet