How to Set Up Security for CA CSM with CA ACF2 for z/OS › How to Set Up SCS Address Space Security › Configure Pass Tickets › Example: Configure PassTickets for SCS Address Space on Remote Systems

Example: Configure PassTickets for SCS Address Space on Remote Systems

You can use CA ACF2 for z/OS to configure PassTickets on the remote systems where the SCS address space is running.

Follow these steps:

1. Enter the following commands to define the MSMCAPPL session keys:

   SET PROFILE(PTKTDATA) DIVISION(SSIGNON) 
   INSERT MSMCAPPL SSKEY(0123456789ABCDEF) NOMULT-USE
   

   MSMCAPPL

   Defines the session key for the SCS address space ID used during CA CSM Configuration processing. This name may have been overridden when you installed CA CSM, so it should reflect the real application name.

   Note: This example demonstrates a complete session key value of 16 hex digits (creating an 8-byte or 64-bit key). Change your key so that it consists of 16 random hex digits, and is different from the values shown in this example. Each application key must be the same on all systems in the configuration, and the values must be kept secret and secured.

2. Enter the following commands to enable READ access to the MSMCAPPL PassTicket key value:

   SET RESOURCE(PTK) 
   RECKEY IRRPTAUTH ADD(MSMCAPPL.stc-userid UID(uid-of-stc-userid) SERVICE(READ,UPDATE) ALLOW) 
   

   stc-userid and uid-of-stc-userid

   Specifies the user ID and UID associated with the SCS address space.

   Note: You can also use the ACFNRULE utility program to add rule lines to an existing rule. For more information about this option, see the CA ACF2 for z/OS Administration Guide.

3. Enter the following commands to complete the PassTicket setup on the remote systems:

   F ACF2,REBUILD(PTK),CLASS(P) 
   F ACF2,REBUILD(PTK)
   

You completed site preparation. Your system is ready to install CA CSM.