Question & Answer
Question
What are there RACF requirements for setting up an Authenticated port in CICS Configuration Manager for z/OS (CICS CM)? After setting up new CICS Configuration Manager for z/OS V5.2 server in our CICS environment, I am getting a "passticket' failure when attempting to connect using the ISPF panel to authenticated port of the new server. I get the following short message in the upper right-hand corner of the main ISPF panel:
"No passtickets"
An ISPF MSGID displays "CCVS003". Hitting the PF1 key shows long message:
"A request to generate a passticket failed. Set up of the CICS Configuration Manager security environment may be incomplete."
There were no messages related to this time in CCVLOG or MSGUSR sysouts of CICS region. A NETSTAT command displays the authenticated port we are using as active in "Listen' status in the EZZ2587I message.
Answer
Make sure the CCVSCRPT program being used by the ISPF dialog is APF authorized.
The CICS CM V5.2 documentation describes the steps to authorize the Pass Ticket program libraries in the section entitled Activate PassTicket processing and define a profile.
As for what RACF requirements are needed to setup an authenticated port for CICS CM V5.2, the same section Activate PassTicket processing and define a profile has example RACF definitions to setup passtickets required to use the authenticated port.
If your external security manager (ESM) is CA Top Secret or CA ACF2, refer to technote 1442929, ISPF Socket Failure message using CICS CM authenticated port and Pass Tickets which documents the following actions for CA Technologies products:
Topsecret users need to add the SIGNMULTI keyword to the NDT entry for the CICS CM server applid, for example:
TSS ADDTO(NDT) PSTKAPPL(applid) SESSKEY(AAAAAAA) SIGNMULTIACF2 users need to review the ACFRPTRV report and create a rule allowing the CICS CM userid to generate a passticket.
Product Synonym
CICSCM CICS CM
Was this topic helpful?
Document Information
Modified date:
02 June 2016
UID
dwa1276583