The RACF® secured signon function provides an alternative to the RACF password called a PassTicket. Instead of having the user's clear text password flow over the network, a RACF PassTicket can be generated by a requesting product or function, and used as the user's authenticator to a RACF secured network application. In addition to the possibility of improved security for passwords within the network, PassTicket technology can be used to effectively move the authentication of a mainframe application user ID from RACF to another authorized function running on the host system, or to the work station local area network (LAN) environment. If RACF authenticates a password field and determines that it is not the RACF password for the user ID, RACF might perform a second authentication step to determine whether the password field is a valid PassTicket. See How RACF processes the password or PassTicket for more information. See z/OS Security Server RACF Macros and Interfaces for information on generating PassTickets.