RACROUTE REQUEST=VERIFY: Identify and Verify a RACF-Defined User

The RACROUTE REQUEST=VERIFY macro provides RACF® user identification and verification. The macro instruction identifies a user and verifies that the user is defined to RACF and has supplied at least one of the following:

a valid password
a valid password phrase
a valid MFA credential

You can protect applications by using profiles in the APPL class along with this macro to control the users able to use applications. For more information on protecting applications, see z/VM: RACF Security Server Security Administrator's Guide.

The following order of priority exists for replacing the fields in the existing TOKEN:

Keywords specified on the request take precedence over corresponding fields in the TOKNIN and STOKEN parameters.
All fields within the token specified by the TOKNIN keyword take precedence over those specified by STOKEN.
The fields for the submitter's ID, submitter's group, submit node, execution node, session, port of entry and its class, as obtained from the token specified by the STOKEN keyword are last.

If you do not want certain fields overridden, do not specify keywords for those fields.

When RACF is installed, the caller of RACROUTE REQUEST=VERIFY must have at least UPDATE authority to the ICHCONN profile in the FACILITY class. For details on the ICHCONN profile, see Authorization to Issue RACROUTE Requests.