Passticket support with CA Top Secret
Supporting pass tickets with CA Top Secret requires the following definitions.
Add the PTKTDATA class to the RDT
TSS ADDTO(RDT) RESCLASS(PTKTDATA) RESCODE(n) ACLST(ALL,READ,UPDATE) MAXLEN(37)
Note: RESCODE should be in the range 101 to 13F to ensure that PTKTDATA is a prefixed resource class.
Add the ownership of the PassTicket resource (IRRPTAUTH)
TSS ADDTO(owner) PTKTDATA(IRRPTAUTH)
Define the application session key
TSS ADDTO(NDT) PSTKAPPL(name) SESSKEY(0123456789ABCDEF) SIGNMULTI
Note
The name must equal the value of the “Name” field linked to the “Passticket” field as defined in the Virtel transaction definition screen. This can be different to the ACB of the targeted Application name defined in “Application” field.
Permit access to the PassTicket resource
TSS PERMIT(stc‐userid) PTKTDATA(IRRPTAUTH.name) ACCESS(UPDATE)
Or
TSS PERMIT(stc‐userid) PTKTDATA(IRRPTAUTH.name.userid) ACCESS(UPDATE)
Note
The stc-userid is the ACID of any started task that requires access to the PassTicket resource such as CA LDAP.
The name is the same as in section 3.
The userid (if used) enables and controls PassTicket generation for specific users
Reference: CA Top Secret for z/OS