Authorize the PassTicket program libraries

The programs that the CICS® Configuration Manager batch and ISPF clients use to create PassTickets are authorized programs; they must reside in an APF-authorized library. In addition, the program that creates PassTickets for the ISPF client must be authorized within TSO/E.

For the batch client, the authorized program that creates PassTickets is the main batch client interface program CCVBMAIN. For the ISPF client, the authorized program is CCVSCRPT. Both programs are supplied in the CICS Configuration Manager authorized program load module library SCCVAUTH.

Start of changeTo enable PassTicket processing for the batch client, perform the following steps. You must perform these steps on each logical partition (LPAR) on which you will be running the batch client.End of change

  1. Make CCVBMAIN accessible to batch jobs as an authorized program. Either:
    • Add SCCVAUTH to the APF-authorized list and the batch job stepped library concatenation (STEPLIB). Ensure that all libraries in the STEPLIB are also APF-authorized.

      CCVBMAIN uses load modules in the SCCVAlang library. If you APF-authorize SCCVAUTH and add it to the STEPLIB, and you also add SCCVAlang to the STEPLIB, then you must APF-authorize SCCVAlang. All of the libraries in the STEPLIB must be authorized, otherwise CCVBMAIN will not run as an authorized program: it will not be able to create a PassTicket, and it will not be able to successfully connect to the CICS Configuration Manager server via an authenticated port.

    • Copy CCVBMAIN to the LPA (link pack area). Clear and reload the LPA.
    • Add SCCVAUTH to the APF-authorized list and the linklist concatenation (LNKLST). For details, see z/OS®: MVS™ Initialization and Tuning Reference.
    • Copy CCVBMAIN to a library that is already in the APF-authorized list and the linklist.

    For an example of JCL that invokes the batch client, see Figure 1.

Start of changeTo enable PassTicket processing for the ISPF client, perform the following steps. You must perform these steps on each LPAR on which you will be running the ISPF client.End of change

  1. Authorize the CCVSCRPT program within TSO/E. Add the program name to:
    • The AUTHPGM list of programs that are authorized when invoked via the CALL command

      and

    • The AUTHTSF list of programs that are authorized when invoked through the TSO/E service facility

    For example, edit the SYS1.PARMLIB member IKJTSOxx, and add CCVSCRPT to the following two lists:

    AUTHPGM NAMES(
    ⋮
    CCVSCRPT
    ⋮
    )
    
    AUTHTSF NAMES(
    ⋮
    CCVSCRPT
    ⋮
    )

    SYS1.PARMLIB is a standard library name. However, your system might use a different naming convention: ask your system administrator.

    Start of changeAfter editing IKJTSOxx members, you need to activate your changes by issuing either of the following commands:End of change

    • SET IKJTSO=xx console command

      or

    • TSO PARMLIB UPDATE(xx) command

    For more details on authorizing a program to TSO/E, see z/OS: TSO/E Customization.

  2. Make CCVSCRPT accessible to ISPF users as an authorized program. Either:
    • Add SCCVAUTH to the APF-authorized list and the STEPLIB of the users' TSO logon procedures. Ensure that all libraries in the STEPLIB are also APF-authorized. (This approach is not often used because of the difficulty in ensuring that all libraries in the STEPLIB are APF-authorized.)
    • Copy CCVSCRPT to the LPA. Clear and reload the LPA.
    • Add SCCVAUTH to the APF-authorized list and the linklist.
    • Copy CCVSCRPT to a library that is already in the APF-authorized list and the linklist.
    • In the users' logon procedures, use the TSOLIB ACTIVATE command to add SCCVAUTH to the search order. This avoids having to APF-authorize all libraries in the STEPLIB. For an example of this technique, see the REXX procedure CCVX0005 supplied in the sample library SCCVSAMP.
Note:
  1. If you add SCCVAUTH to the linklist, or you add CCVBMAIN and CCVSCRPT to the LPA, then omit SCCVAUTH from the STEPLIB of batch jobs and TSO logon procedures.
  2. The CICS Configuration Manager ISPF client invokes the CCVSCRPT program using MVS services, not ISPF services. Therefore, adding SCCVAUTH to the ISPLLIB concatenation would serve no purpose.

If you are also using CICS Configuration Manager V1.2

If you have both CICS Configuration Manager V5.1 and V1.2, then remove the V1.2 SCCVAUTH library from the APF-authorized list, to ensure that you use the CCVSCRPT program in the Version 1.2 SCCVAUTH library. The V5.1 CCVSCRPT program is backwardly compatible with V1.2 of CICS Configuration Manager. However, the V1.2 CCVSCRPT program has not been tested with V5.1.


Information Information

Feedback


Timestamp icon Last updated: Friday, 8 February 2013


http://pic.dhe.ibm.com/infocenter/cicsts/v5r1/topic//ccv-install-passticket-authorize.htm