Db2 support for RACF PassTickets
Db2 supports the ability to send and receive RACF PassTicketsto authenticate a user who is accessing a Db2 server.
RACF PassTickets are one-time-only passwords that are generated by a requesting product or function. They are an alternative to the RACF password and password phrase that removes the need to send RACF passwords and password phrases across the network in clear text. They make it possible to move the authentication of a mainframe application user ID from RACF to another authorized function executing on the host system or to the workstation local area network (LAN) environment.
Db2 supports the following uses of RACF PassTickets
- Sending PassTickets with remote requests to a remote Db2 subsystem or data sharing group
- Receiving PassTickets from a remote Db2 subsystem or data sharing group
- Receiving PassTickets for sysplex WLB-enabled clients
- Configuring Db2 data sharing groups for member-specific and group access with RACF PassTickets
Enabling Db2 to receive RACF PassTickets for authenticating protected user IDs (deprecated)1
Notes:
- Receiving RACF PassTickets for authentication of RACF protected user IDs is deprecated. This deprecation does not apply to RACF PassTickets in general or any other use for them in Db2 for z/OS®.