Using an SAF Product for PassTicket Authorization

To have an SAF product perform PassTicket authorization, code OPERSEC with a value of SAFPW, SAFCHECK, or SAFDEF. To change existing password security, see Scenario 2: Converting Operator Passwords. Using an SAF product to validate an operator PassTicket provides the following advantages over password usage:

PassTickets are generated when needed, so the character string cannot be predicted.
The password itself is not passed in the data stream, allowing for better network security.

To configure your SAF product for use with PassTickets, follow the procedures outlined in the appropriate SAF product documentation. When defining a PassTicket profile, the application name for NetView operator IDs depends on the value of OPERSEC:

For an OPERSEC value of SAFPW or SAFCHECK, the NetView program does not provide an application name. Therefore, the SAF product uses the default name. For RACF, this is the name used for batch programs, which consists of the characters MVS followed by the SMF ID of the system.
For an OPERSEC value of SAFDEF, the NetView program uses an application name of the NetView domain name.

You can change the actual password or password phrase for a NetView operator from the logon panel, even if a PassTicket is used to logon. See Using an SAF product for password authorization for more information about changing passwords.