Activate PassTicket processing and define a profile
The procedure for activating PassTicket processing depends on which external security manager (ESM) your environment uses. The procedure presented here is for RACF®. Other ESMs, such as CA ACF2 and CA Top Secret, have similar facilities for PassTickets. For details, see the documentation for those products.
To activate PassTicket processing using RACF, perform the following steps. You must perform these steps on each logical partition (LPAR) on which you will be running a CICS® Configuration Manager server or client.
No replay protection?
Specifying "no replay protection" can improve CICS Configuration Manager performance, because it allows the CICS Configuration Manager client to reuse the same PassTicket for successive API calls.
If replay protection is on (the default), RACF does not allow PassTickets to be reused, so the client must create a new PassTicket for each API call. The algorithm for generating PassTickets uses the current time to the nearest second. To ensure a unique PassTicket, the client may need to wait for one second between API calls. Specifying "no replay protection" solves this performance issue.
With or without replay protection, PassTickets expire after approximately 10 minutes.