Define PassTicket support for RSE
The client's password or other means of identification, such as
an X.509 certificate is used only to verify the identity upon connection.
After a connection is established, PassTickets are used to maintain
thread security. PassTickets are system generated passwords with a
lifespan of about 10 minutes. The generated PassTickets are based
upon a secret key. This key is a 64-bit number (16 hex characters).
Replace in the sample RACF® commands
below the
key16 variable with a user-supplied 16
character hex string (characters 0-9 and A-F). Note: If the
PTKTDATA class
is already defined, before creating the listed profiles, verify that
it is defined as a generic class. The support for generic characters
in the PTKTDATA class was introduced in z/OS® version 1.7, with the
introduction of a Java™ interface
to PassTickets.RDEFINE PTKTDATA FEKAPPL UACC(NONE) SSIGNON(KEYMASKED(key16)) APPLDATA('NO REPLAY PROTECTION – DO NOT CHANGE') DATA('IBM® EXPLORER FOR Z/OS')RDEFINE PTKTDATA IRRPTAUTH.FEKAPPL.* UACC(NONE) DATA('IBM EXPLORER FOR Z/OS')PERMIT IRRPTAUTH.FEKAPPL.* CLASS(PTKTDATA) ACCESS(UPDATE) ID(STCRSE)SETROPTS RACLIST(PTKTDATA) REFRESH
| Attention: The client connection
request fails if PassTickets are not set up correctly.
|