SCS Address Space Administration › SCS Address Space Security Setup › Pass Tickets › CA ACF2 for z/OS PassTicket Examples › Example: Configure PassTickets for SCS Address Space on Remote Systems

Example: Configure PassTickets for SCS Address Space on Remote Systems

You can use CA ACF2 for z/OS to configure PassTickets on the remote systems where the SCS address space is running.

Follow these steps:

1. Define the MSMCAPPL session keys:

   SET PROFILE(PTKTDATA) DIVISION(SSIGNON) 
   INSERT MSMCAPPL SSKEY(0123456789ABCDEF) NOMULT-USE
   

   MSMCAPPL

   Defines the session key for the SCS address space ID used during CA CSM Configuration processing. This name may have been overridden when you installed CA CSM, so it should reflect the real application name.

   Note: This example demonstrates a complete session key value of 16 hex digits (creating an 8-byte or 64-bit key). Change your key so that it consists of 16 random hex digits, and is different from the values in this example. Each application key must be the same on all systems in the configuration, and the values must be kept secret and secured.

2. Enable READ access to the MSMCAPPL PassTicket key value:

   SET RESOURCE(PTK) 
   RECKEY IRRPTAUTH ADD(MSMCAPPL.stc-userid UID(uid-of-stc-userid) SERVICE(READ,UPDATE) ALLOW) 
   

   stc-userid and uid-of-stc-userid

   Specifies the user ID and UID associated with the SCS address space.

   Note: You can also use the ACFNRULE utility program to add rule lines to an existing rule. For more information about this option, see the CA ACF2 for z/OS Administration Guide.

3. Complete the PassTicket setup on the remote systems:

   F ACF2,REBUILD(PTK),CLASS(P) 
   F ACF2,REBUILD(PTK)