Use pass tickets for TPX sessions that are set up to use a secondary userid


Article ID: 4776


Products

TPX - Session Management
Vman Session Management for z/OS

Issue/Introduction

We have some sessions set up with session option ACL Userid so that the user signs on to that application with a different userid than they used to sign on to TPX.  When we change this application to use pass tickets, signon fails:

TPXL0926 mm/dd/yy.xxx hh:mm:ss.xx ACLUSER FIELD INVALID FOR PASSTICKET : GEN FAILED 
FOR USERID: USER01A SESSION: TSOB ACLUSER: USER01B

Environment

TPX® Session Management for z/OS

Cause

TPX will only request pass ticket generation for the userid that originally signed on to TPX.  

Requesting pass ticket generation for any other userid would be a significant security breach, because there is no way to validate such a request.

By design, TPX will fail the session setup and generate message TPXL0926.

Resolution

The only options are:

  • Do not use pass tickets for this application
  • Enable the signon to the application for the userid that originally signed on to TPX
  • Where appropriate, enable multiple signons for a single userid within the application and external security
  • Sign on to TPX with the secondary userid
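
To find which session definitions need one of these changes, the TPXL0926 messages in the TPX log can be collected and grouped by session and ACL Userid. The Python script below is an added example, not part of the original article and not Broadcom code; it assumes the log has been exported as text in the message layout shown above, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# TPXL0926 layout as shown in this article. \s+ lets one match span the
# line wrap between "GEN FAILED" and "FOR USERID:".
TPXL0926 = re.compile(
    r"TPXL0926\s+(?P<date>\S+)\s+(?P<time>\S+)\s+"
    r"ACLUSER FIELD INVALID FOR PASSTICKET\s*:\s*GEN FAILED\s+"
    r"FOR USERID:\s*(?P<userid>\S+)\s+"
    r"SESSION:\s*(?P<session>\S+)\s+"
    r"ACLUSER:\s*(?P<acluser>\S+)"
)

def parse_failures(log_text):
    """Return one dict per TPXL0926 message found in log_text."""
    return [m.groupdict() for m in TPXL0926.finditer(log_text)]

def sessions_to_fix(failures):
    """Map (session, ACL userid) to the signed-on userids that hit the failure."""
    grouped = defaultdict(set)
    for f in failures:
        grouped[(f["session"], f["acluser"])].add(f["userid"])
    return {key: sorted(users) for key, users in grouped.items()}

# Constructed sample log (dates, times and USER02A are made up for this example).
SAMPLE_LOG = """\
TPXL0926 03/14/24.074 09:15:02.11 ACLUSER FIELD INVALID FOR PASSTICKET : GEN FAILED
FOR USERID: USER01A SESSION: TSOB ACLUSER: USER01B
(unrelated constructed log line)
TPXL0926 03/14/24.074 09:15:40.52 ACLUSER FIELD INVALID FOR PASSTICKET : GEN FAILED
FOR USERID: USER02A SESSION: TSOB ACLUSER: USER01B
TPXL0926 03/14/24.074 09:17:03.90 ACLUSER FIELD INVALID FOR PASSTICKET : GEN FAILED
FOR USERID: USER01A SESSION: TSOB ACLUSER: USER01B
"""

if __name__ == "__main__":
    for (session, acluser), users in sessions_to_fix(parse_failures(SAMPLE_LOG)).items():
        print(f"Session {session} has ACL Userid {acluser} with pass tickets; "
              f"affected signed-on userids: {', '.join(users)}")
```

Each reported session/ACL Userid pair is a session definition where one of the options above has to be applied.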

Additional Information

The ACL Userid field is available in User or Profile Maintenance - Session Options (not in ACT):

                  TPX Profile Table Detail Panel                               
                                                            Panelid  - TEN0114 
 Command ===>                                               Userid   - 
                                                            Termid   - 
Profile:  BASEPROF                                          Date     - 
Session:  ABCTSO                                            Time     - 
                                    Application    System                      
                                    Defaults       Defaults                    
Applid/Tier LVL:  ABCDTSO                                                      
ACCESS=PASS:      _                                MULTIPLE                    
Timeout min.:     ______            ______         00000060                    
Modent name:      ________          ________                                   
Sesskey:          PF __             ______                                     
Start at signon:  _                                                            
Startup ACL:      ________          ACL01                                   
ACL Userid:       ________                                                     
ACL Password:     ________                                                     
Term ACL:         ________          ________                                   
ACB Mask:         ________                                                     
KeepACB:          _                 N                                          
Invisible:        _                                                            
OV/MVS ACI:       _                                                            
                                                                               
PF1=Help    PF3=End    PF4=Return   PF8=Next Page       "CANCEL" cancel   


From field level help:

ACL Userid specifies the one- to eight-character user ID that the ACLPGM uses as the &USERID parameter for this session. 

ACL Password specifies the one- to eight-character password that the ACLPGM uses as the &PSWD parameter for this session.