PassTicket Definition

Controlling Access › Network Entry Monitoring › PassTicket Definition

PassTicket Definition

The NDT contains all PassTicket application and session key-related node information. The NDT is a global record similar to the Resource Descriptor and Field Definition Tables.

To define PassTickets to CA Top Secret:

Identify each application that can accept a PassTicket and assign that application a unique password called a session key.
Add this information to the NDT using the PSTKAPPL and SESSKEY keywords. You must supply both keywords.

To define a PassTicket, enter the command:

TSS ADDTO(NDT) PSTKAPPL(ApplID)
               SESSKEY(cccccccccccccccc)
               SIGNMULTI

PSTKAPPL

Defines the application ID. Depending on the application, the secured sign on function uses a specific method to determine the application ID:

For CICS, IMS, or APPC applications, the application ID is defined using the standard naming conventions used to define these applications in a VTAM APPL statement.
For TSO, the application ID is defined by prefacing the SMF identifier of the system with the characters "TSO". For example, TSOXE05 is the application ID for TSO on machine MVXE05. The SMF system ID resides in the SMFPRMxx member of SYS1.PARMLIB.
For z/OS batch jobs that include TSS passwords in the JCL, replace the password with a PassTicket. The application ID for batch jobs is defined by prefacing the SMF identifier of the system with the characters "MVS". For example, MVSXE05 is the application ID for all batch jobs on machine MVXE05.

SESSKEY

Defines an encryption key for the application in the format of 16 hexadecimal digits.

Length: 8 bytes

SIGNMULTI

(Optional) The equivalent of RACF operand APPLDATA('NO REPLAY PROTECTION'). SIGNMULTI allows the same PassTicket to be used multiple times.

Example: define a PassTicket

This example creates a PassTicket for TSO that consists of the literal 'TSO' and a four-character SMFID. The SMFID is SYSA; therefore, the PassTicket for that system is TSOSYSA. The session key is 296LFD.

TSS ADDTO(NDT) PSTKAPPL(TSOSYSA)
               SESSKEY(296LFD)
               SIGNMULTI