Important! If you are installing CA Chorus for Security and Compliance Management, PassTickets are needed for the CA Chorus server to connect to the following functions. If you are using CA ACF2 or CA Top Secret, PassTicket configuration was already completed in the E1MIA021 for CA ACF2 or the E1MIT021 for CA Top Secret job. If you are using IBM RACF, see Use IBM RACF to Configure PassTickets for Database Connections and Use IBM RACF to Configure PassTickets to Connect to CA LDAP Server.
PassTickets are required for users to access the z/OS components and products that CA Chorus and its supported disciplines use. A PassTicket is a temporary encoded and encrypted substitute for the user password that can be used to access a specific application. The PassTicket must be used within ten minutes of the time it is generated.
Using PassTickets enables the z/OS components and products to authenticate a user ID without sending z/OS passwords through the network. Instead, the user is authenticated after they first log in with a valid z/OS user ID and password. The following process occurs when the user selects a function that accesses a z/OS component:
The CA Chorus web service calls the z/OS security product to generate a PassTicket for access authorization.
The PassTicket is sent with the user request to the component, possibly on a different z/OS system.
The component calls the z/OS security product to authenticate the user using the PassTicket as a password substitute before processing the request.
Configuration information for local and remote systems is provided in PassTicket Configuration for CA Chorus Systems.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|