Using PassTickets
The ADFzCC server can be configured to use PassTickets for authenticated clients.
To exploit this feature, a client must first authenticate with a valid user ID and password or passphrase. Following a successful authentication, the server generates and use PassTickets for requesting clients. Such requests are valid for the period (in minutes) specified by the PASSTK configuration parameter.
- Specify the PASSTK parameter in your ADFzCC server configuration file. For a description of the parameter, see Configuration file keyword descriptions.
- The ADFzCC server must run APF-authorized. For more information about APF authorization and PassTickets, refer to the documentation for RACF or your equivalent security product.
- PassTickets are generated in association with an APPLID. For ADFzCC, the default APPLID is IPVAPPL.
If the APPL class is active, connecting users must have READ access to the relevant APPLID resource name in the APPL class. The APPLID resource name can be overridden by the APPLID parameter in the ADFzCC server configuration file, in which case, authorization checks are performed against the configured APPLID resource name.
- The server started task user ID must have the following authorizations to generate
PassTickets:
If the server has the necessary authority, message IPV0052I is generated at startup, otherwise, message IPV0050S is generated.SETROPTS CLASSACT(PTKTDATA) SETROPTS RACLIST(PTKTDATA) RDEF PTKTDATA IPVAPPL SSIGNON(KEYMASKED(yourmaskvalue)) RDEF PTKTDATA IRRPTAUTH.IPVAPPL.* UACC(NONE) PERMIT IRRPTAUTH.IPVAPPL.* ID(your.userid) ACCESS(UPDATE) CLASS(PTKTDATA) SETR RACLIST(PTKTDATA) REFRESH