Authorize the PassTicket program libraries

The programs that the CICS® Configuration Manager batch and ISPF clients use to create PassTickets are authorized programs; they must reside in an APF-authorized library. In addition, the program that creates PassTickets for the ISPF client must be authorized within TSO/E.

For the batch client, the authorized program that creates PassTickets is the main batch client interface program CCVBMAIN. For the ISPF client, the authorized program is CCVSCRPT. Both programs are supplied in the CICS Configuration Manager authorized program load module library SCCVAUTH.

To enable PassTicket processing for the batch client:

  1. Make CCVBMAIN accessible to batch jobs as an authorized program. Either:
    • Add SCCVAUTH to the APF-authorized list and the batch job stepped library concatenation (STEPLIB). Ensure that all libraries in the STEPLIB are also APF-authorized.

      CCVBMAIN uses load modules in the SCCVAlang library. If you APF-authorize SCCVAUTH and add it to the STEPLIB, and you also add SCCVAlang to the STEPLIB, then you must APF-authorize SCCVAlang. All of the libraries in the STEPLIB must be authorized, otherwise CCVBMAIN will not run as an authorized program: it will not be able to create a PassTicket, and it will not be able to successfully connect to the CICS Configuration Manager server via an authenticated port.

    • Copy CCVBMAIN to the LPA (link pack area). Clear and reload the LPA.
    • Add SCCVAUTH to the APF-authorized list and the linklist concatenation (LNKLST). For details, see z/OS®: MVS™ Initialization and Tuning Reference.
    • Copy CCVBMAIN to a library that is already in the APF-authorized list and the linklist.

    For an example of JCL that invokes the batch client, see Figure 1.

To enable PassTicket processing for the ISPF client:

  1. Authorize the CCVSCRPT program within TSO/E. Add the program name to:
    • The AUTHPGM list of programs that are authorized when invoked via the CALL command

      and

    • The AUTHTSF list of programs that are authorized when invoked through the TSO/E service facility

    For example, edit the SYS1.PARMLIB member IKJTSOxx, and add CCVSCRPT to the following two lists:

    AUTHPGM NAMES(
    ⋮
    CCVSCRPT
    ⋮
    )
    
    AUTHTSF NAMES(
    ⋮
    CCVSCRPT
    ⋮
    )

    SYS1.PARMLIB is a standard library name. However, your system might use a different naming convention: ask your system administrator.

    For more details on authorizing a program to TSO/E, see z/OS: TSO/E Customization.

  2. Make CCVSCRPT accessible to ISPF users as an authorized program. Either:
    • Add SCCVAUTH to the APF-authorized list and the STEPLIB of the users' TSO logon procedures. Ensure that all libraries in the STEPLIB are also APF-authorized. (This approach is not often used because of the difficulty in ensuring that all libraries in the STEPLIB are APF-authorized.)
    • Copy CCVSCRPT to the LPA. Clear and reload the LPA.
    • Add SCCVAUTH to the APF-authorized list and the linklist.
    • Copy CCVSCRPT to a library that is already in the APF-authorized list and the linklist.
    • In the users' logon procedures, use the TSOLIB ACTIVATE command to add SCCVAUTH to the search order. This avoids having to APF-authorize all libraries in the STEPLIB. For an example of this technique, see the REXX procedure CCVX0005 supplied in the sample library SCCVSAMP.
Note:
  1. If you add SCCVAUTH to the linklist, or you add CCVBMAIN and CCVSCRPT to the LPA, then omit SCCVAUTH from the STEPLIB of batch jobs and TSO logon procedures.
  2. The CICS Configuration Manager ISPF client invokes the CCVSCRPT program using MVS services, not ISPF services. Therefore, adding SCCVAUTH to the ISPLLIB concatenation would serve no purpose.

If you are also using CICS Configuration Manager V1.2

If you have both CICS Configuration Manager V2.1 and V1.2, then remove the V1.2 SCCVAUTH library from the APF-authorized list, to ensure that you use the CCVSCRPT program in the Version 1.2 SCCVAUTH library. The V2.1 CCVSCRPT program is backwardly compatible with V1.2 of CICS Configuration Manager. However, the V1.2 CCVSCRPT program has not been tested with V2.1.