Description

The use of PASSTICKET may use both PTKTDATA PROFILE records and resource CLASS PTKTDATA RESOURCE records. These records are stored in the ACF2 Infostorage database under class "P" for PROFILE and class "R" for RESOURCE records respectively.

Solution

The use of PASSTICKETs can be associated with two types of REBUILDs, one for the PTKTDATA PROFILE records and one for the FASTAUTH RESOURCE validation check that will be made to verify that a user has the appropriate authority to generate or validate a PassTicket for a specific user.

The FASTAUTH resource validation check before a PassTicket is generated, is optional and controlled by the PTKRESCK bit field of the C(GSO) OPTS record. This allows for more security over who can and cannot generate a PassTicket.

The REBUILD for the PTKTDATA PROFILE records is:

F ACF2,REBUILD(PTK),CLASS(P),

the rebuild for the PTKTDATA RESOURCE rules used for the validation check is:

F ACF2,REBUILD(PTK),CLASS(R).

Any changes or additions to the PTKTDATA PROFILE records or PTKTDATA resource class rules would require the appropriate REBUILD command to make the records effective.

When doing an ACF2 REBUILD the CLASS parameter specifies the one-character infostorage class code that this command affects. Valid values are:

R-For resource rule sets. R is optional and is the default value.
D-For DB2. To rebuild eTrust CA-ACF2 for DB2 rule sets, specify D.
S-For scope records. To rebuild scope records, specify S.
E-For entry source records. To rebuild entry source records, specify E.
P-For profile records. To activate new or changed profile records, specify P.

For details on the PTKTDATA PROFILE record and resource validations see Chapter 15: Maintaining Profile Records, section "PTKTDATA Profile Records".

-