These sessions are all pointing to the same applid, CICE, which is in the ACT and defined as a PASSTICKET application. Activating them one at a time works, however, when starting all four at once the first session of the four activates, but the remaining 3 will not get activated normally. Why is the behavior different when all are select, compared to when selected individually.
Environment
Release : 5.4 Component : CA-TPX for Z/OS
Resolution
By default Pass Ticket replay protection is active in RACF. RACF does not allow the same passticket to be used more than once within a 10 minute time period.
The option to bypass Pass Ticket replay protection allows the plus-or-minus-10-minute Pass Ticket replay protection to be bypassed for selected applications or combinations of selected applications, users, or groups.
Update RACF PTKTDATA profile for APPLDATA field by ADDing text string 'NO REPLAY PROTECTION'.
APPLDATA(‘NO REPLAY PROTECTION’) Allows reuse of the same PassTicket multiple times, in the allowed plus or minus 10 minutes.
You may use the option to bypass PassTicket replay protection when the threat of PassTicket replay is not a security concern, such as in the following cases:
- Multiple end-users who share the same user ID - Trusted registry domains that exchange PassTickets as a method of establishing trust - Applications that request PassTickets for a particular USERID/APPLID combinationmore than once during a one-second time interval.