Does Pass Ticket work in TPX when the user's session field ACL Userid has a value specified? (ACLUSER)
ACL Userid specifies the one- to eight-character user ID that the ACLPGM uses as the &USERID parameter for this session.
ACL Userid can be specified for a session at the user or profile level.
When a passticket user selects a session that has a userid defined in field ACL Userid, the signon is rejected by TPX and not attempted. This error is written to the TPX LOG:
TPXL0926 ACLUSER FIELD INVALID FOR PASSTICKET : GEN FAILED
FOR USERID: <userid> SESSION: TSO ACLUSER: USERACL
Pass ticket user is successful for sessions with no ACL Userid.
Password user is successful for sessions with or without an ACL Userid defined.
No, it would be a serious security breach to allow this.
Pass ticket or qualified pass ticket use is not permitted with a different userid than the userid used to sign on to the product under which the session request is being made.
The authorization is impossible to verify. Session setup fails.
You must either set the Passticket or Qualified Passticket to No or remove the acluser (ACL Userid) in the session definition.