Protecting PassTicket keys![End of change](./deltaend.gif)
PassTicket keys are sensitive and must be protected from
unauthorized disclosure. Entities with access to the configured application PassTicket keys can
generate valid PassTickets for that application.
When you define legacy PassTicket keys, RACF® either masks or encrypts each key. If the system has
ICSF
installed and available, you can store PassTicket keys in ICSF for added protection. When
you define enhanced PassTicket keys they must be stored in ICSF. For more information, see Storing legacy PassTicket Keys Masked in RACF and Storing PassTicket keys encrypted in ICSF.