Overview of DCAS Configuration and the z/OS Security Server

Automated Sign-on for Mainframe works with DCAS, a component of the z/OS Communications Server. Automated Sign-on requires that DCAS and the z/OS security server be configured to support PassTickets.

Security servers, such as RACF (Resource Access Control Facility), Top Secret, and ACF2, support PassTickets for use with z/OS. For simplicity, procedures are presented for configuring RACF; however, with minor modifications, the concepts and procedures also apply to Top Secret and ACF2.

To enable DCAS and RACF to support PassTicket services, the following conditions must be met:

  • RACF must be configured so that DCAS can run as a system daemon.
  • TLS must be configured for use with DCAS, including these items:

    • RACF key ring support must be enabled.
    • A TLS client authentication level must be configured.
    • A TLS server certificate for DCAS must be created or obtained.
    • A TLS client certificate must be created or obtained for use by the Automated Sign-On for Mainframe system to authenticate to DCAS.
  • A PassTicket profile must be defined for each host application that will support automated sign-on.

  • The DCAS server configuration must be updated with values that match those used with your deployment.
  • The DCAS server must be started.

Detailed steps are provided in the sections that follow.

For more information, see these References: IBM Redbooks and Examples of Using CA ACF2 , CA Top Secret, or IBM RACF to Configure Passtickets.

Information Exchange between Automated Sign-on, DCAS, and RACF

In the Introduction of this Administrator Guide, an overview diagram depicts how the terminal client emulator, Administrative Server, and Automated Sign-On for Mainframe use PassTickets to provide automated log-on for the end user.

The following diagram shows further detail about how DCAS and the z/OS security server provide PassTicket services for use by Automated Sign-On for Mainframe. This diagram refers to the sections in Appendix A for configuring each item.

detail diagram