Please review the instructions in the RACF doc:
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.icha700/secsign.htmIf you have more questions, please let me know. Thanks.
------------------------------
Bob Petti
------------------------------
Original Message:
Sent: Mon November 23, 2020 02:52 AM
From: Nordine Mosbah
Subject: Pass ticket encrypted
Hello ,
To start from scratch with the usage of the PASS TICKET encrypted between 2 Lpars using CCA mode coprocessors it's plan to do the following steps :
0- Loading Master keys (DES,AES,RSA,ECC)
1- Put the CSNBENC module in LPA
2- Protect/give access to the appropriate group users on the following services in the CSFSERV class :
CSFCKI
CSFKRC
CSFKRW
CSFKRD
Does this of only those 4 services to protect is sufficient ?
3- RDEF PTKTDATA MYAPPL SSIGNON(KEYENCRYPTED(1234567812345678)) on both systems (required PTKTDATA profiles)
However , We're in zOS 2.3 version : is there any other steps to add to the above ones 0-3 ?
Is there any CSFKEYS profile to add ?
Thank you .
------------------------------
Nordine
------------------------------