IMS Connect support for RACF

IMS Connect can be configured to call RACF® directly and to support RACF PassTickets.

By default, IMS Connect does not call RACF. When IMS Connect is configured to call RACF, IMS Connect can validate the user IDs and passwords on incoming messages with RACF directly.

When configured for direct RACF support, IMS Connect also supports RACF PassTickets.

If RACF is configured to support mixed-case passwords, you can also configure IMS Connect to support mixed-case password support in IMS Connect.

IMS Connect calls RACF by issuing the RACF command RACROUTE REQUEST=VERIFY to verify the user IDs and passwords received from clients in the IRM of incoming messages. You can also define a default RACF ID for IMS.

If a RACF security failure occurs, IMS Connect includes the return code from the RACROUTE REQUEST=VERIFY command in the request status message (RSM) for diagnostic purposes.

If RACF is used to verify sign-ons from IMS Connect clients and the user ID or password provided is invalid, you can enable a generic return code or message to be returned by IMS Connect instead of the actual RACF or IMS return code. By enabling a generic return code or message to be returned, you can inhibit access to information about RACF-verified sign-ons until valid user IDs and passwords are provided.

If you configure IMS Connect to call RACF, evaluate the impact of the RACF calls on IMS Connect performance. Consider enabling the RACF user ID cache to improve performance.