

Example: Use CA Top Secret to Configure PassTicket

Note: This example is provided as a guideline. For detailed information about using these commands, see the CA Top Secret for z/OS Command Functions Guide.

You want to configure PassTicket for the DB2TOOLS application. DB2TOOLS is the application name (appl_name) that is used in this example.

Follow these steps:

Note: If the PTKTDATA class and ownership for the PassTicket resource IRRPTAUTH have been defined, skip Step 1 and Step 2.

  1. Update the Resource Descriptor Table (RDT) to define the PTKTDATA class by entering the following command:
    TSS ADDTO(RDT) RESCLASS(PTKTDATA) RESCODE(n) ACLST(ALL,NONE,READ,UPDATE) MAXLEN(37) MAXOWN(9)
    
  2. Assign the ownership of the IRRPTAUTH PassTicket resource:
    TSS ADDTO(department) PTKTDATA(IRRPTAUTH)
    
    department

    Identifies a preexisting department.

  3. Set up the host system to accept PassTickets:
    1. Define the application resource, and assign the ownership:
      TSS ADDTO(department) APPLICATION(DB2TOOLS)
      

      The application is defined to this department. This ownership lets a department administrator (or higher) define permissions for generating and validating PassTickets.

    2. Update the Node Descriptor Table (NDT) to associate a session key with DB2TOOLS:
      TSS ADDTO(NDT) PSTKAPPL(DB2TOOLS) SESSKEY(session_key) SIGNMULTI
      
      session_key

      Defines a session (encryption) key as 16 hexadecimal digits (an 8-byte, 64-bit key). Use a site-specific key value. Keep the value secret.

      Example: 0123456789ABCDEF

      The CA Insight DPM session key is defined. Because SIGNMULTI is specified, the same PassTicket can be reused multiple times.

  4. Complete the following steps for the user ID of the WILYZOS job:
    1. Enable the job to generate PassTickets for the DB2TOOLS application:
      TSS PERMIT(wilyzos_user_id) PTKTDATA(IRRPTAUTH.DB2TOOLS.) ACCESS(READ,UPDATE)
      

      This step gives CA Cross-Enterprise APM permission to use the session key value to generate PassTickets.

    2. Permit access to the application:
      TSS PERMIT(wilyzos_user_id) APPLICATION(DB2TOOLS)
      
  5. Permit access to the application for each user that is permitted to access the CA Insight DPM data:
    TSS PERMIT(useridn) APPLICATION(DB2TOOLS)
    
    useridn

    Specifies the user ID of the user requesting access to CA Cross-Enterprise APM.

    This step gives specific users access to DB2 performance data, including the ability to validate PassTickets that are generated using the session key value.

The WILYZOS job can now generate PassTickets for the specified user IDs.
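
Step 3 asks for a site-specific, secret session_key of 16 hexadecimal digits. The following Python helper is an added example, not part of the CA documentation: it draws the key from the operating system's random generator, rejects the published example value and trivially guessable patterns, and renders the NDT command from step 3. The function names and the pattern heuristics are assumptions made for this example, not CA Top Secret rules.

```python
import re
import secrets

# The SESSKEY value printed in the step 3 example; it is public, so never deploy it.
DOCUMENTED_EXAMPLE_KEY = "0123456789ABCDEF"
HEX_RUN = "0123456789ABCDEF" * 2  # lets us spot any rotated counting pattern


def check_session_key(key: str) -> list[str]:
    """Return the reasons a SESSKEY value should be rejected (empty list = usable)."""
    key = key.strip().upper()
    if not re.fullmatch(r"[0-9A-F]{16}", key):
        return ["must be exactly 16 hexadecimal digits (8 bytes)"]
    problems = []
    if key == DOCUMENTED_EXAMPLE_KEY:
        problems.append("matches the example key from the documentation")
    # Heuristics chosen for this example, not CA Top Secret rules.
    if key in HEX_RUN or key[::-1] in HEX_RUN:
        problems.append("is an ascending or descending digit sequence")
    if len(set(key)) < 4:
        problems.append("uses fewer than 4 distinct digits")
    return problems


def new_session_key() -> str:
    """Draw 8 bytes from the OS CSPRNG and format them as 16 hex digits."""
    while True:
        key = secrets.token_hex(8).upper()
        if not check_session_key(key):
            return key


def ndt_command(appl_name: str, key: str) -> str:
    """Render the step 3 NDT command, refusing keys that fail the checks."""
    problems = check_session_key(key)
    if problems:
        raise ValueError("session key " + "; ".join(problems))
    key = key.strip().upper()
    return f"TSS ADDTO(NDT) PSTKAPPL({appl_name}) SESSKEY({key}) SIGNMULTI"


if __name__ == "__main__":
    # The output contains the secret: send it only to the administrator's
    # session, not to a log file or ticket.
    print(ndt_command("DB2TOOLS", new_session_key()))
```
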