Start of changeProtecting PassTicket keysEnd of change

Start of changePassTicket keys are sensitive and must be protected from unauthorized disclosure. Entities with access to the configured application PassTicket keys can generate valid PassTickets for that application.End of change

Start of changeWhen you define legacy PassTicket keys, RACF® either masks or encrypts each key. If the system has Start of changeICSFEnd of change installed and available, you can store PassTicket keys in ICSF for added protection. When you define enhanced PassTicket keys they must be stored in ICSF. For more information, see Storing legacy PassTicket Keys Masked in RACF and Storing PassTicket keys encrypted in ICSF.End of change