Previous Topic: Example: Configure PassTickets for CA CSM Application ServerNext Topic: UNIX Socket Requirements

SCS Address Space AdministrationSCS Address Space Security SetupPass TicketsIBM RACF PassTicket ExamplesExample: Configure PassTickets for SCS Address Space on Remote Systems

Example: Configure PassTickets for SCS Address Space on Remote Systems

You can use IBM RACF to configure PassTickets on the remote systems where the SCS address space is running.

Follow these steps:

  1. Activate the PassTicket class: 
    SETROPTS CLASSACT(PTKTDATA) 
SETROPTS RACLIST(PTKTDATA)
  2. Define a profile for the application and specify the session key: 
    RDEFINE PTKTDATA MSMCAPPL SSIGNON(KEYMASKED(0123456789ABCDEF)) UACC(NONE)
    MSMCAPPL

    Defines the session key for the SCS address space ID used during CA CSM Configuration processing. This name may have been overridden when you installed CA CSM, so it should reflect the real application name.

    Note: This example demonstrates a complete session key value of 16 hex digits (creating an 8-byte or 64-bit key). Change your key so that it consists of 16 random hex digits, and is different from the values in this example. Each application key must be the same on all systems in the configuration, and the values must be kept secret and secured.

  3. Permit access to the MSMCAPPL PassTicket session key value for the SCS address space Started Task user ID: 
    RDEFINE IRRPTAUTH.MSMCAPPL.stc-userid CLASS(PTKTDATA) UACC(NONE)
    stc-userid

    Specifies the SCS address space Started Task user ID.

  4. Refresh the PTKTDATA class: 
    SETROPTS RACLIST(PTKTDATA) REFRESH