The use of Pass Tickets eliminates the transmission of passwords across network facilities in clear text. 

A pass ticket is a one-time only password substitute that is automatically generated by an authentication server, such as CA's Single Signon Option or IBM's Network Security Program or on behalf of a client workstation requesting access to a mainframe application, such as DB2.

Once a user is signed on to DB2/An Application, Pass Tickets may also be generated for applications subsequently accessed through DB2/The application. 

NOTE:  This document is specific to Top Secret. 

 Commands to Set Up Passtickets:
 
1.TSS ADDTO(NDT) PSTKAPPL(applname) SESSKEY(................) SIGNMULTI  

2.TSS ADD(dept) PTKTDATA(IRRPTAUT)
◦The Resource Class has a maximum Ownership of 8 characters.

3.The Resource can be permitted as one of the following, where 'applname' is the Application Name defined in the NDT and 'userid' is the Userid: ◦PTKTDATA(IRRPTAUTH.)
◦PTKTDATA(IRRPTAUTH.applname.)
◦PTKTDATA(IRRPTAUTH.applname.userid)

4. Authorize the applicaton to generate pass tickets:
◦TSS PER(serveracid) PTKTDATA(IRRPTAUTH.applname.acidname) ACCESS(UPDATE)  

 

Please reference the Top Secret Manuals at docops.ca.com. 
The most current version of the TSS documentation is available from the CA Top Secret for z/OS product page.