Location of client and server

The CICS® Configuration Manager client (the ISPF dialog or the batch command interface) and CICS Configuration Manager server can be on different systems, but they must use the same external security manager database, such as a RACF® database. This is because the client may generate a PassTicket, and then send it to the CICS Web Interface that is used by the server.

Figure 1. CICS Configuration Manager client and server must use the same security database

If the security database used to generate the PassTicket and the security database used to authenticate the PassTicket are different, then the authentication may fail, and the CICS Web Interface will deny the client access.

Figure 2. Not allowed: CICS Configuration Manager client and server using different security databases

For more information about PassTickets, see z/OS®: SecureWay Security Server RACF Security Administrator's Guide.