Robert, I think you will more likely get an answer on the RACF-L list rather than IBMMAIN. I use both lists, but I do not know the answer to your question. I think some on RACF-L will know.
Lennie -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Robert Garrett Sent: 02 August 2023 21:22 To: [email protected] Subject: Specific Question/Scenario on using Pass Tickets with RACF Something that's been puzzling me: Imagine an interactive application that requires valid user credentials (ID and password) to access, but does NOT require specific authorization to the application. In other words, the app does a RACROUTE REQUEST=VERIFY to validate credentials and create the associated ACEE representing the user, but it does NOT provide the APPL= parameter on the request, nor does it perform a subsequent REQUEST=AUTH on an APPL resource. In other words, if you've got a valid ID/password, you can "log on" to the app - no PERMIT to the app itself is required and there's also no corresponding APPL resource for it. Now, what if I want to be able to generate pass tickets in place of passwords to access this app? Doing that requires a PTKTDATA resource whose name matches the application to control pass ticket generation, but this application doesn't provide a name for itself. Possible? Just plain not supported? Will RACF "assume" an application name (JOB/STC name, VTAM Applid, something else) and use that to locate the applicable PTKTDATA resource (and if so, what does it use)? (If it matters, assume enhanced pass ticket via AES key in the ICSF CKDS). Enquiring minds would really like an authoritative and accurate answer on this one... Thanks, Rob ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
