Using PassTickets

If your installation includes workstations and client machines that are operating in a client/server environment, you might want to use RACF® PassTickets to provide enhanced security across a network. A PassTicket provides an alternative to the RACF password and password phrase which allows workstations and client machines to communicate with a host without using a RACF password or password phrase.

Use of a PassTicket removes the need to send RACF passwords and password phrases across the network and allows you to move the user authentication part of signing on to a host from RACF to another product or function. End users of an application can use the PassTicket to authenticate their user IDs and log on to computer systems that contain RACF.

This chapter describes the PassTicket and how to set up the PassTicket environment. It includes information about:
  • Activating the PTKTDATA class
  • Defining profiles in the PTKTDATA class
  • Start of changeHow RACF processes the PassTicketEnd of change
  • Enabling the use of PassTickets
  • Start of changeAuditing the use of PassTicketsEnd of change

For information about the programming that is needed for an application to generate a PassTicket, see z/OS Security Server RACF System Programmer's Guide.