Defining Profiles in the PTKTDATA Class

For each application that users can gain access to with the PassTicket, you must create at least one profile in the PTKTDATA class. The profile associates a secret secured signon application key with a particular application on a particular system.

To define the profile, use the RDEFINE command:

RDEFINE PTKTDATA profile_name
        SSIGNON(key_description)
        UACC(access_authority)

where:

PTKTDATA: specifies the PassTicket Key class.
profile_name: is the name of the profile (see Determining Profile Names).
For the PTKTDATA class, the profile must be a discrete profile. Because each application must be uniquely defined, you cannot specify a generic profile in the PTKTDATA class. If you specify a generic profile, it is ignored during PassTicket processing for the application, and PassTickets cannot be used to authenticate users for that application.
key_description: defines the secured signon application key and specifies the method RACF® is to use to protect it in the RACF database on the host. You can specify either masking or encryption for the method (see Protecting the Secured Signon Application Keys).
Secured signon keys are 64-bit Data Encryption Standard (DES) keys. With DES, 8 of the 64 bits are reserved for use as parity bits, so those 8 bits are not part of the 56-bit key. In hexadecimal notation, the DES parity bits are: X'0101 0101 0101 0101'. Any two 64-bit keys are equivalent DES keys if their only difference is in one or more of these parity bits.
access_authority: is the universal access authority to be associated with the resource protected by this profile. By default, the UACC is NONE for the PTKTDATA class.

After a profile in the PTKTDATA class has been created, you can change it with the RALTER command, which is similar in syntax to the RDEFINE command:

RALTER PTKTDATA profile_name
       SSIGNON(key_description)
       UACC(access_authority)