Using a Kerberos security token in a 3270 emulator sign-on
The use of Kerberos provides stronger security because passwords are not required to flow over the network.
The sign-on process is as follows:
- The Client terminal emulator applies to a Kerberos authentication server to obtain a Kerberos token.
- The Kerberos token is returned to the Client terminal emulator, and the content is encoded in Base64 format.
- The token is then forwarded in a message to the CICS® server, where a sign-on transaction receives the Base64-encoded Kerberos token and issues the SIGNON TOKEN command.
- The RACF® Kerberos registry validates the Kerberos token and returns the associated RACF USERID to CICS. This USERID is associated with the terminal session for subsequent tasks.
Note: Logon data cannot be used to send the Kerberos token because logon data is limited to 255 characters.