Define PassTicket support for RSE
The client's password or other means of identification, such as an X.509 certificate is used only to verify the identity upon connection. After a connection is established, PassTickets are used to maintain thread security. PassTickets are system generated passwords with a lifespan of about 10 minutes. The generated PassTickets are based upon a secret key. This key is a 64-bit number (16 hex characters). Replace in the sample RACF® commands below the
key16variable with a user-supplied 16 character hex string (characters 0-9 and A-F).
Note: If the
PTKTDATAclass is already defined, before creating the listed profiles, verify that it is defined as a generic class. The support for generic characters in the
PTKTDATAclass was introduced in z/OS® version 1.7, with the introduction of a Java™ interface to PassTickets.
RDEFINE PTKTDATA FEKAPPL UACC(NONE) SSIGNON(KEYMASKED(key16)) APPLDATA('NO REPLAY PROTECTION – DO NOT CHANGE') DATA('IBM® EXPLORER FOR Z/OS')
RDEFINE PTKTDATA IRRPTAUTH.FEKAPPL.* UACC(NONE) DATA('IBM EXPLORER FOR Z/OS')
PERMIT IRRPTAUTH.FEKAPPL.* CLASS(PTKTDATA) ACCESS(UPDATE) ID(STCRSE)
SETROPTS RACLIST(PTKTDATA) REFRESH
Attention: The client connection request fails if PassTickets are not set up correctly.