CA Roscoe - New Security Enhancement - Support for Passticket Authentication

Document ID : KB000019807
Last Modified Date : 14/02/2018
Show Technical Document Details

Introduction: 

APAR RO58078 SECURITY - ADD SUPPORT FOR PASSTICKET introduces PassTicket Support for CA Roscoe

Background:  

What is a PassTicket?

PassTickets are cryptographically-generated, single-use passwords valid for only a very short period of time. They are inherently more secure than traditional passwords.

Environment: 

CA ACF2, IBM RACF, CA Top Secret

Instructions:

What is the Roscoe PassTicket support?

This solution implements support of the generated one-time PassTicket passwords with security packages CA TSS, IBM RACF and CA ACF2. You can use regular

passwords, Passticket or a mixture. CA Roscoe calls the resident Access Control Program (ACP) for userid/password authentication to support this type of PassTicket login.

How to Use PassTicket Support with CA Roscoe

  • Set up PassTicket Support in your Security System
  • You must be running External Security with CA Roscoe: a minimum setting of ACFEXT=YES and EXTSEC=TOPS, ACF2 or RACF
  • Apar RO58078 SECURITY - ADD SUPPORT FOR PASSTICKET for CA Roscoe must be applied
  • Generate a PassTicket
  • Use the PassTicket Generated in the password field when signing into CA Roscoe
  • Roscoe calls your security package to verify the password
  • Your security package will determine whether you have entered a regular password or a PassTicket and will process it accordingly