CA Gen client/server applications have no direct support for Kerberos authentication but can indirectly support Kerberos by customisation of the security user exits to use Enhanced Security with security token as follows:
1. The Enhanced Security and token parameters should be set in the client side user exit.
For example for Gen Windows GUI clients the user exit source WREXITN.C contains function WRSECTOKEN. In that function a return code of SecurityUsedEnhanced
needs to be set and token parameters token
need to be set. ONLY
if using a Gen Client Manager or a Communications Bridge does the parameter bClntMgrSecurity
need to be changed from default of FALSE to TRUE.
More details can be found in the user exit comments and documented here:https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/reference/user-exits/windows-c-user-exits/windows-gui-client-user-exits/wrsectoken-client-security-token-user-exit-windows.html
2. The security token would then be authenticated by adding required code to the corresponding server side exit e.g. for Gen CICS servers the user source is TIRSECVX and more details can be found in the user exit comments and documented here::https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/reference/user-exits/z-os-user-exits/z-os-server-user-exits-cics/tirsecvx-server-client-security-validation-exit.html