PassTicket replay protection considerations

You can bypass PassTicket replay protection, which you might do if you have multiple end-users sharing the same user ID.

If you have multiple users with the same user IDs, it is possible for them to request access to an application during the same time interval. In this situation, the same PassTicket is generated for different users. As a result, if PassTicket replay protection is not bypassed, the users will be using the same PassTicket and be denied access to the application. Bypassing the PassTicket replay protection allows the same PassTicket to be used by multiple users.

Similarly, if you are stress testing your system where there is no think time driving requests to IMS Connect and have numerous requests to the same application occurring in the same time interval, you may want to consider bypassing PassTicket replay protection. This option allows the same PassTicket to be used within a ten minute period.

You can specify NO REPLAY PROTECTION in the APPLDATA field of the PTKTDATA profile for one or more of the selected applications to allow the same PassTicket to be generated within a ten minute period.

For additional information about no replay options, see Protecting General Resources in the z/OS® Security Server RACF Security Administrator's Guide.