The following RACF commands are provided to set up PTKTDATA for Pass Ticket for ChangeMan software. What are the Top Secret equivalents?
RACF Administration Required
Activate the PTKTDATA class by entering:
SETROPTS CLASSACT(PTKTDATA) RACLIST(PTKTDATA)
Refresh the PTKTDATA class by entering:
SETROPTS RACLIST(PTKTDATA) REFRESH
Create a profile in the PTKTDATA class by entering:
RDEFINE PTKTDATA SERNET SSIGNON(user_must_choose) APPLDATA('NO REPLAY PROTECTION')
For further information, refer to the appropriate IBM RACF manual,
for example "Defining Profiles in the PTKTDATA Class", in the manual z/OS Security
Server RACF Security Administrator's Guide.
What should be placed in the SSIGNON field?
Is there a way to tell if PTKTDATA has been defined to Top Secret?
Release : 15.0
Component : CA Top Secret for z/OS
* TSS LIST(RDT) RESCLASS(PTKTDATA) can be issued to confirm whether or not the PTKTDATA resource class is defined to TSS. If it is not, you can use the following command to define it to the RDT:
TSS ADD(RDT) RESCLASS(PTKTDATA) ACLST(ALL,UPDATE=6000,READ,NONE) MAXLEN(37)
* For RDEFINE PTKTDATA SERNET SSIGNON(user_must_choose) APPLDATA('NO REPLAY PROTECTION'), the Top Secret equivalent command is:
TSS ADD(NDT) PSTKAPPL(SERNET) SESSKEY(key-descr) SIGNMULTI
PSTKAPPL
Identifies an application, up to eight characters long, that is assigned a session key for PassTicket processing. Only one application is allowed per command, and the name can contain letters, numbers, or special characters.
SESSKEY
Specifies an up to 16-character hexadecimal "password" that is unique to each application defined by a PSTKAPPL keyword. You must supply a SESSKEY with PSTKAPPL. You can specify whatever you’d like for the SESSKEY as long as it’s not being used for SESSKEY in another application in the NDT.
* Normally with PassTickets, there is a RACF RDEFINE and PERMIT command for a PTKTDATA resource. For example:
RDEFINE PTKTDATA IRRPTAUTH.SERNET.* UACC(NONE)
PERMIT IRRPTAUTH.SERNET.* CL(PTKTDATA) ID(xxxxxx) ACCESS(UPDATE)
SETROPTS RACLIST(PTKTDATA) REFRESH
For which the TSS equivalent commands are:
TSS ADD(dept) PTKTDATA(IRRPTAUTH) (if not already done)
TSS PER(acid) PTKTDATA(IRRPTAUTH.SERNET.) ACC(UPDATE)
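The PSTKAPPL and SESSKEY rules above can be checked before the TSS ADD(NDT) command is issued. The following Python sketch is an added example, not part of the original article or of any CA/Broadcom tooling: it draws a 16-digit hexadecimal key from the operating system's random source, rejects a key already used by another application, and builds the command text. The function names, the list of existing keys, and the rejection of blanks and parentheses in the application name are assumptions made for illustration.

```python
import secrets
import string

HEX_DIGITS = set(string.hexdigits)

def check_sesskey(key, keys_in_ndt=()):
    """Return a list of rule violations for a candidate SESSKEY (empty = OK)."""
    problems = []
    if not 1 <= len(key) <= 16:
        problems.append("SESSKEY must be 1 to 16 characters")
    if any(c not in HEX_DIGITS for c in key):
        problems.append("SESSKEY must contain only hexadecimal digits")
    # Uniqueness rule from the article: no other application may use this key.
    if key.upper() in {k.upper() for k in keys_in_ndt}:
        problems.append("SESSKEY is already used by another application")
    return problems

def new_sesskey(keys_in_ndt=()):
    """Draw a full 16-digit key from the OS CSPRNG, skipping keys in use."""
    while True:
        key = secrets.token_hex(8).upper()  # 8 random bytes -> 16 hex digits
        if not check_sesskey(key, keys_in_ndt):
            return key

def tss_add_pstkappl(appl, key, keys_in_ndt=(), signmulti=False):
    """Build the TSS ADD(NDT) command text after validating both operands."""
    # Assumption: blanks and parentheses are refused because they would
    # break the keyword(operand) syntax of the command.
    if not 1 <= len(appl) <= 8 or any(c.isspace() or c in "()" for c in appl):
        raise ValueError("PSTKAPPL must be 1 to 8 characters, no blanks or parentheses")
    problems = check_sesskey(key, keys_in_ndt)
    if problems:
        raise ValueError("; ".join(problems))
    command = f"TSS ADD(NDT) PSTKAPPL({appl}) SESSKEY({key.upper()})"
    return command + " SIGNMULTI" if signmulti else command

if __name__ == "__main__":
    # Constructed sample: keys already assigned to other applications.
    existing = ["0123456789ABCDEF"]
    # The printed command contains the secret key; handle the output accordingly.
    print(tss_add_pstkappl("SERNET", new_sesskey(existing), existing, signmulti=True))
```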