PassTicket with PassPhrase

book

Article ID: 191649

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP CA Web Administrator for Top Secret

Issue/Introduction

What will happen to a user configured to use passphrase accesses functions that generates a temporary passticket? Will it affect user’s overall passphrase authentication?

For example when a user accesses one of our applications a passticket is generated - followed by CICS Signon with generated temporary passticket. There is no user intervention.
1. Is the passticket 8 bytes or does it matter?
2. With a passphrase will the passticket generation need to change (to be longer) or with the passticket satisfy authentication of a passphrase? 
 

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

Questons:
1. Is the passticket 8 bytes or does it matter?
Answer:
Passtickets are generated by IBM RACF callable service r_gensec or r_ticketserv, so it decides the length. 
2. With a passphrase will the passticket generation need to change (to be longer) or with the passticket satisfy authentication of a passphrase? 
Answer:
No, the passphrase will not need to change or be made longer. During signon, TSS checks to see if its a password/passphrase or passticket. He will first try signon with a passphrase/password. If the passphrase/password doesnt match, he will then try to validate the passticket. If the passtickets validation is successful, then the signon will complete. If not, the signon will fail.