I was really into passtickets about fifteen years ago and now I have forgotten
some specifics.
Yes, passtickets are really cool and are totally appropriate for what you want.
Yes, even if you don't want application-specificity passtickets does. Yes,
without your doing something about it you may get an application name that is
unsatisfactory in some way -- perhaps varies from run to run. Yes, there should
be a way to specify that application name. For example, here is how to specify
an application name for the FTP server (and probably other OMVS processes):
PARM='ENVAR("_BPX_JOBNAME=MYFTP")'
No, I don't think anything in enhanced passtickets changes anything above.
HTH,
Charles
On Wed, 2 Aug 2023 20:22:09 +0000, Robert Garrett <[email protected]>
wrote:
>Something that's been puzzling me:
>
>Imagine an interactive application that requires valid user credentials (ID
>and password) to access, but does NOT require specific authorization to the
>application.
>In other words, the app does a RACROUTE REQUEST=VERIFY to validate credentials
>and create the associated ACEE representing the user, but it does NOT provide
>the APPL= parameter on the request, nor does it perform a subsequent
>REQUEST=AUTH on an APPL resource. In other words, if you've got a valid
>ID/password, you can "log on" to the app - no PERMIT to the app itself is
>required and there's also no corresponding APPL resource for it.
>
>Now, what if I want to be able to generate pass tickets in place of passwords
>to access this app? Doing that requires a PTKTDATA resource whose name
>matches the application to control pass ticket generation, but this
>application doesn't provide a name for itself.
>Possible?
>Just plain not supported?
>Will RACF "assume" an application name (JOB/STC name, VTAM Applid, something
>else) and use that to locate the applicable PTKTDATA resource (and if so, what
>does it use)?
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
