DB2 PassTicket Setup

Document ID : KB000123087
Last Modified Date : 17/12/2018
Show Technical Document Details
Introduction:
The use of Pass Tickets eliminates the transmission of passwords across network facilities in clear text. 

A pass ticket is a one-time only password substitute that is automatically generated by an authentication server, such as CA's Single Signon Option or IBM's Network Security Program or on behalf of a client workstation requesting access to a mainframe application, such as DB2.

Once a user is signed on to DB2, Pass Tickets may also be generated for applications subsequently accessed through DB2. 

NOTE:  This document is specific to Top Secret. 
Instructions:
For Top Secret, the required NDT rules in place.  
  
Reference the Top Secret Manuals on docops.ca.com.

The most current version of the TSS documentation is available from the CA Top Secret for z/OS product page.

1.TSS ADDTO(NDT) PSTKAPPL(applname) SESSKEY(................) SIGNMULTI  

2.TSS ADD(dept) PTKTDATA(IRRPTAUT)
◦The Resource Class has a maximum Ownership of 8 characters.

3.The Resource can be permitted as one of the following, where 'applname' is the Application Name defined in the NDT and 'userid' is the Userid: ◦PTKTDATA(IRRPTAUTH.)
◦PTKTDATA(IRRPTAUTH.applname.)
◦PTKTDATA(IRRPTAUTH.applname.userid)

4.And finally, authorize to generate pass tickets:
◦TSS PER(serveracid) PTKTDATA(IRRPTAUTH.applname.acidname) ACCESS(UPDATE)  

 
Additional Information:
Please reference the Top Secret Manuals: Top Secret User Guide and the Top secret Cookbook.

The most current version of the TSS documentation is available from the CA Top Secret for z/OS product page.