A product or function that generates a PassTicket must use the RACF® PassTicket generator algorithm.
This algorithm requires specific information as input data and produces
a PassTicket that substitutes for a specific end-user RACF password. RACF uses
the PassTicket to authenticate the end-user for a specific application
running on a specific system that uses RACF for
identification and authentication.
There are four ways to generate and evaluate a PassTicket using
- If the function using the secured signon capabilities
is running on a z/OS® system,
you can use the RACF secured signon service
to generate the PassTicket. The algorithm is already incorporated
into the service and allows RACF to
generate a PassTicket on the host. An authorized program, such as
one authorized by the authorized program facility (APF), can use the
service to generate PassTickets. See Using the service to generate a PassTicket for
- For any function that generates a PassTicket, you can create a
program that incorporates the algorithm. See Incorporating the PassTicket generator algorithm into your program for
- You can use the
r_ticketserv and r_gensec callable services. This interface supports
problem state callers, and both 31-bit and 64-bit callers. For more
information about these callable services, see z/OS Security Server RACF Callable Services.
- Java™ code can use a Java interface that uses a Java Native Interface (JNI) and calls the r_ticketserv
and r_gensec callable services. For information about this interface,
see the JavaDoc shipped in the IRRRacfDoc.jar file, which is installed
into the directory /usr/include/java_classes. Download the jar file
to a workstation, un-jar it, and read it with a Web browser.