
By Christopher Johanson and Sanjay Kaliyur
At IBM IMS, we put a great deal of focus on application security. We strive to provide our customers with a variety of solutions to allow for greater flexibility in securing their systems. Continuing with this mission, we are happy to announce a new authentication enhancement for IMS Connect clients that will allow users to specify RACF PassTickets for user authentication when issuing commands to OM.
PassTickets vs Passwords
In this age of heightened digital security, RACF PassTickets allow users to generate one-time-only passwords for authentication purposes. This allows IBM customers to maintain a higher security standard by eliminating the need to send RACF passwords across a network, where they would be at risk of theft or interception.
All IMS v15 customers can now use RACF PassTickets as an alternative to passwords for authentication of command requests to OM. To use a RACF PassTicket, specify the PassTicket in the IRM in place of the password and also specify the application name in the IRM_APPL_NM field.
How does it work?
For PassTicket support, establish the RACF PassTicket generation routine and then supply the routine to the distributed platform. Define the PassTicket definitions in RACF.
For IMS Connect API for Java clients, the ICON API does not generate RACF PassTickets. Clients are responsible for generating the PassTickets and setting them in the command request message by calling TmInteraction.setRacfPassword(<PassTicket>). Clients must also specify the application name by calling TmInteraction.setRacfApplName(<ApplNm>).
The following high-level process describes how an IMS Connect client connection to IMS OM is authenticated with a RACF PassTicket:
1. The client generates the RACF PassTicket and specifies it in the command request in the IRM_RACF_PW field. It also specifies the application name in the IRM_APPL_NM field.
2. The client creates a connection to IMS Connect and sends the command request with the generated PassTicket, user ID, and application name to IMS Connect.
3. IMS Connect issues the RACROUTE REQUEST=VERIFY call to RACF to authenticate the user ID of the client connection. On the RACF RACROUTE REQUEST=VERIFY call, IMS Connect includes the following information:
- The RACF PassTicket and user ID sent from the client.
- The application name sent from the client. This application name should be defined to the RACF PTKTDATA class, and the user ID should be permitted access to this application name.
Please visit this link to learn more about the RACF definitions.
Please note: Customers are responsible for all RACF definitions. Additionally, the application name must be specified at the message level in each command request.
How can I get it?
The new IMS Connect PassTicket support enhancement is available for all IMS customers running IMS version 15.1 and above through APAR PH51844. For customers using an IMS Connect API for Java Client, IMS Connect API APAR PH54017 is required.
If you’d like to learn more about IMS and view the great educational content our team has made available, please visit IMS Central.