3.3 3. Configure DCAS and RACF on z/OS

This configuration is required before trust can be established between Management and Security Server and the DCAS server.

To enable Automated Sign-on for Mainframe to connect to IBM host applications, the MSS Administrative Server must exchange information with the Digital Certificate Access Server (DCAS) on z/OS (OS/390 V2R10 and later). DCAS works with RACF to obtain PassTickets, which act as time-limited single-use passwords in the automated sign-on process.

DCAS is included with the z/OS Communications Server, but is not installed by default. You may wish to verify whether DCAS has already been enabled on the mainframe.

For example, if you used the Express Logon Facility (ELF) feature of z/OS, then DCAS may already be enabled; however, other z/OS components (such as the Telnet server or RACF) may need additional configuration.