ACF2

The ACF2 team is pleased to announce the availability of enhanced PassTicket support. Enhanced PassTickets use a more secure algorithm and have additional features compared to legacy PassTickets.

Enhanced PassTickets

• Key must be stored encrypted in ICSF.
• 256-2048 bit HMAC secret key.
• PassTickets contain upper and lowercase A-Z, a-z, 0-9, - (dash), and _ (underscore) when PTTYPE is set to MIXED.
• Time out is configurable (1-600 seconds).

Legacy PassTickets

• Can be masked or key stored encrypted in ICSF.
• Secret 64-bit DES key.
• PassTickets contain uppercase A-Z, 0-9.
• Time out is 10 minutes.

For more information, see PTKTDATA Profile Records.

------------------------------
Laura Fletcher
Staff Technical Writer
Broadcom
Illinois
------------------------------

Hi Laura

the provided documentation Define PassTicket (AZFPTKT1) seems not be valid or at least confusing, this is the documentation how to configure IBM MFA with PassTicket.

br Ewald
Original Message:
Sent: Jan 30, 2023 09:37 AM
From: Laura Fletcher
Subject: ACF2 Provides Enhanced PassTicket Support

The ACF2 team is pleased to announce the availability of enhanced PassTicket support. Enhanced PassTickets use a more secure algorithm and have additional features compared to legacy PassTickets.

Enhanced PassTickets

• Key must be stored encrypted in ICSF.
• 256-2048 bit HMAC secret key.
• PassTickets contain upper and lowercase A-Z, a-z, 0-9, - (dash), and _ (underscore) when PTTYPE is set to MIXED.
• Time out is configurable (1-600 seconds).

Legacy PassTickets

• Can be masked or key stored encrypted in ICSF.
• Secret 64-bit DES key.
• PassTickets contain uppercase A-Z, 0-9.
• Time out is 10 minutes.

For more information, see PTKTDATA Profile Records and Define PassTicket (AZFPTKT1).

------------------------------
Laura Fletcher
Staff Technical Writer
Broadcom
Illinois
------------------------------