RACF PassTicket for IMS Connect Client connections to IMS OM
You can use RACF PassTickets as an alternative to passwords to authenticate user IDs for IMS Connect client connections to IMS Operations Manager (OM) for command requests.
PassTickets are an alternative to RACF® passwords and password phrases and provide better security because PassTickets remove the need to send passwords and password phrases across the network in clear text.
For PassTicket support, you are responsible for all definitions to RACF. You need to establish the RACF PassTicket generation routine and to supply the routine to the distributed platform. To use RACF PassTickets, specify the PassTicket in the IRM in place of the password and also specify the application name.
For IMS Connect API for Java clients, the ICON API does not generate RACF PassTickets. Clients
are responsible for generating the PassTickets and setting it in the command request message by
issuing the TmInteraction.setRacfPassword()
method. Clients must also specify the
application name by issuing TmInteraction.setRacfApplName()
.
- The client generates the RACF PassTicket and specifies it in the command request in the
IRM_RACF_PW
field. It also specifies the application name in theIRM_APPL_NM
field. - The client creates a connection to IMS Connect and sends the command request with the generated PassTicket, user ID and application name to IMS Connect.
- IMS Connect issues the
RACROUTE REQUEST=VERIFY
call to RACF to authenticate the user ID of the client connection. On the RACFRACROUTE REQUEST=VERIFY
call, IMS Connect includes the following information:- The RACF PassTicket and user ID sent from the client.
- The application name sent from the client.
Note: The application name should be defined to theRACF PTKTDATA
class. The user ID should be permitted access to this application name.
Procedure
To use a RACF PassTicket from an IMS Connect client to IMS OM, you need to define the PassTicket class, application profile, application name and user ID in RACF. Perform the following steps: