I can't remember what I had to do to activate gskkyman. Oh yes, I had to add GSK.SGSKLOAD to PROG00 for APF and LNKLIST. Run gskkyman from TSO/OMVS. Once I had done the z/OS setup as below I had to work with the network guys to punch a hole thru our firewall to allow FTP SSL.
Here are the parms that I have in SYSFTPD
//SYSFTPD DD *
; ---------------------------------------------------------------------
;
; 7. Security options
;
; ---------------------------------------------------------------------
SECURE_MECHANISM TLS            ; Name of the security mechanism
                                ; that the client uses when it
                                ; sends an AUTH command to the
                                ; server.
                                ; GSSAPI = Kerberos support
                                ; TLS = TLS
SECURE_FTP REQUIRED             ; Authentication indicator
                                ; ALLOWED (D)
                                ; REQUIRED
SECURE_CTRLCONN private         ; Minimum level of security for
                                ; the control connection
                                ; CLEAR (D)
                                ; SAFE
                                ; PRIVATE
SECURE_DATACONN private         ; Minimum level of security for
                                ; the data connection
                                ; NEVER
                                ; CLEAR (D)
                                ; SAFE
                                ; PRIVATE
;SECURE_PBSZ 16384              ; Kerberos maximum size of the
                                ; encoded data blocks
                                ; Default value is 16384
                                ; Valid range is 512 through 32768
; Name of a ciphersuite that can be passed to the partner during
; the TLS handshake. None, some, or all of the following may be
; specified. The number to the far right is the cipherspec id
; that corresponds to the ciphersuite's name.
CIPHERSUITE SSL_DES_SHA         ; 09
CIPHERSUITE SSL_3DES_SHA        ; 0A
CIPHERSUITE SSL_NULL_MD5        ; 01
CIPHERSUITE SSL_NULL_SHA        ; 02
CIPHERSUITE SSL_RC4_MD5_EX      ; 03
CIPHERSUITE SSL_RC4_MD5         ; 04
CIPHERSUITE SSL_RC4_SHA         ; 05
CIPHERSUITE SSL_RC2_MD5_EX      ; 06
KEYRING /ftp/ssl/mykeyring      ; Name of the keyring for TLS
                                ; It can be the name of an HFS
                                ; file (name starts with /) or
                                ; a resource name in the security
                                ; product (e.g., RACF)
TLSTIMEOUT 060                  ; Maximum time limit between full
                                ; TLS handshakes to protect data
                                ; connections
                                ; Default value is 100 seconds.
                                ; Valid range is 0 through 86400
; ---------------------------------------------------------------------
;
; 13. Additional advanced options
;
; ---------------------------------------------------------------------
FWFRIENDLY true                 ; (S) Use firewall friendly protocol
                                ; for starting data connections?
                                ; TRUE - Yes
                                ; FALSE (D) - NO
; ---------------------------------------------------------------------
;
; 12. Debug (trace) options uncomment the one(s) you want to use
;
; ---------------------------------------------------------------------
;DEBUG TIME                     ; time stamp client trace entries
;DEBUG ALL                      ; activate all traces
;DEBUG BAS                      ; activate basic traces
                                ; (marked with an *)
;DEBUG FLO                      ; function flow
;DEBUG CMD                      ; * command trace
;DEBUG PAR                      ; parser details
;DEBUG INT                      ; * program initialization and
                                ; termination
;DEBUG ACC                      ; access control (logging in)
;DEBUG SEC                      ; security processing
;DEBUG UTL                      ; utility functions
;DEBUG FSC(3)                   ; * file services
;DEBUG SOC(3)                   ; * socket services
;DEBUG SQL                      ; special SQL processing
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
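
An added example, not part of the original post: a small Python audit of FTP.DATA statements like those shown above. It checks that SECURE_FTP, SECURE_CTRLCONN and SECURE_DATACONN carry the values the post uses, and flags listed CIPHERSUITE names that are NULL, export grade, single DES, RC4 or 3DES. The function names, the rule list and the one-statement-per-keyword handling are assumptions of this example.

```python
import re

# Ordered rules for CIPHERSUITE names as spelled in the post's FTP.DATA.
RULES = [
    (re.compile(r"_NULL_"), "no encryption, integrity only"),
    (re.compile(r"_EX$"), "export grade, 40-bit key"),
    (re.compile(r"_RC4_"), "RC4, prohibited for TLS by RFC 7465"),
    (re.compile(r"^SSL_DES_"), "single DES, 56-bit key"),
    (re.compile(r"_3DES_"), "3DES, 64-bit block, legacy only"),
]
# Values the post sets to force encrypted control and data connections.
REQUIRED = {"SECURE_FTP": "REQUIRED", "SECURE_CTRLCONN": "PRIVATE",
            "SECURE_DATACONN": "PRIVATE"}

def parse_ftp_data(text):
    """Return {KEYWORD: [values]}; values are upper-cased for comparison."""
    stmts = {}
    for raw in text.splitlines():
        parts = raw.split(";", 1)[0].split()      # ';' starts a comment
        if len(parts) >= 2 and not parts[0].startswith("//"):  # skip blanks, JCL
            stmts.setdefault(parts[0].upper(), []).append(parts[1].upper())
    return stmts

def audit(text):
    """List deviations from REQUIRED and every cipher that matches a rule."""
    stmts = parse_ftp_data(text)
    findings = []
    for key, want in REQUIRED.items():
        got = stmts.get(key, ["(DEFAULT)"])[-1]   # assumes one statement per keyword
        if got != want:
            findings.append(f"{key} is {got}, expected {want}")
    for name in stmts.get("CIPHERSUITE", []):
        reason = next((r for p, r in RULES if p.search(name)), None)
        if reason:
            findings.append(f"CIPHERSUITE {name}: {reason}")
    return findings

# Constructed input: a subset of the post's statements, comments trimmed.
SAMPLE = """//SYSFTPD DD *
SECURE_FTP REQUIRED ; Authentication indicator
SECURE_CTRLCONN private
SECURE_DATACONN private
CIPHERSUITE SSL_DES_SHA ; 09
CIPHERSUITE SSL_3DES_SHA ; 0A
CIPHERSUITE SSL_NULL_MD5 ; 01
CIPHERSUITE SSL_RC4_MD5_EX ; 03
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A keyword that is absent is reported as `(DEFAULT)`, which for these three settings means the non-encrypting defaults marked (D) in the comments above.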

