Protecting PassTicket keys
PassTicket keys are sensitive and must be protected from unauthorized disclosure. Entities with access to the configured application PassTicket keys can generate valid PassTickets for that application.
When you define legacy PassTicket keys, RACF® either masks or encrypts each key. If the system has ICSF installed and available, you can store PassTicket keys in ICSF for added protection. When you define enhanced PassTicket keys, they must be stored in ICSF. For more information, see Storing legacy PassTicket Keys Masked in RACF and Storing PassTicket keys encrypted in ICSF.