Does CA Dispatch support Pass Tickets and/or Pass Phrases for logon

book

Article ID: 128988

calendar_today

Updated On:

Products

CA Dispatch Output Mgmt

Issue/Introduction

Does CA Dispatch support use of Pass Tickets and/or Pass Phrases when logging on?

Environment

z/os
Dispatch
11.7
RACF
ACF2
Top Secret

Resolution

The answer actually depends on whether you are using CA Dispatch's INTERNAL security method or if you are using EXTERNAL security with CA Dispatch. Most, if not all CA Dispatch customers use EXTERNAL security.

* If using CA Dispatch’s INTERNAL security method, then CA Dispatch’s INTERNAL security functionality would be prompting users to enter their password. Under this circumstance, CA Dispatch DOES NOT SUPPORT use of pass tickets or pass phrase. 

* If logging on to CA Dispatch through an already secured path (such as TSO, ISPF, CICS), then inherently CA Dispatch would provide support for use of a Pass Ticket or a Pass Phrase. This is basically because CA Dispatch is not actually prompting users for a password. The EXTERNAL security package is. And consequently, it's the EXTERNAL security package that has to support use of a Pass Tickets or a Pass Phrase.

IMPORTANT NOTE:

* The only exception to the above is a logon through VTAM (either native VTAM or via a session manager) using a PASS PHRASE that is more than 8 characters long. In the event you are logging on and using a PASS PHRASE that exceeds 8 characters in length, you will need to apply CA Dispatch release 11.7 apars SO12180 and SO12181. Please refer to knowledge article id: 190624 for more information. 

CA Dispatch does not require any maintenance or configuration modifications to support Pass Tickets/Phrase when customers have configured CA Dispatch to use EXTERNAL security, are using up to an 8 character Pass Ticket/Phrase, and have AUTOSIGNON turned on. 

The following example demonstrates how a logon to CA Dispatch using external security and an 8 character "Pass Ticket" would work. In the example below, the customer is using CA Top Secret as their EXTERNAL  security package and is logging on to CA Dispatch through a VTAM session manager (TPX):

1. Customer signs on to TPX via a secured signon method (using an 8 character pass ticket) .
2. He selects the CA Dispatch option/applid from his TPX menu. 
3. Either through his TPX defined “session data” or through their sites TPX ACS routines, TPX passes the users logon credentials (the word “HI” in conjunction with the users userid and password/pass ticket) to CA Dispatch. 
4. CA Dispatch does a #SECUR call to the Common Services CAISSF component and passes the users userid and password that was given to us by TPX. 
5. CAISSF then takes those same user credentials and passes them up to CA Top Secret via a RACROUT call. 
6. CA Top Secret determines whether or not, based on the credentials that were passed, the user will be allowed to signon to CA Dispatch.

Additional Information

* Note *

Passphrase logons via DRAS and via Web Viewer are not supported.