I can't remember what I had to do to activate gskkyman.  Oh yes, I had to add 
GSK.SGSKLOAD
to PROG00 for APF and LNKLIST.  Run gskkyman from TSO/OMVS.  Once I had done 
the z/OS setup
as below I had to work with the network guys to punch a hole thru our firewall 
to allow FTP SSL.

Here are the parms that I have in SYSFTPD

//SYSFTPD  DD *                                                           
; ---------------------------------------------------------------------   
;                                                                         
; 7. Security options                                                     
;                                                                         
; ---------------------------------------------------------------------   
                                                                          
 SECURE_MECHANISM  TLS               ; Name of the security mechanism     
                                     ; that the client uses when it       
                                     ; sends an AUTH command to the       
                                     ; server.                            
                                     ; GSSAPI = Kerberos support          
                                     ; TLS    = TLS                       
                                                                          
SECURE_FTP        REQUIRED          ; Authentication indicator            
                                     ; ALLOWED        (D)                 
                                     ; REQUIRED                           
                                                                          
 SECURE_CTRLCONN   private           ; Minimum level of security for      
                                     ; the control connection             
                                     ; CLEAR          (D)                 
                                     ; SAFE                                
                                     ; PRIVATE                             
                                                                           
 SECURE_DATACONN   private           ; Minimum level of security for       
                                     ; the data connection                 
                                     ; NEVER                               
                                     ; CLEAR          (D)                  
                                     ; SAFE                                
                                     ; PRIVATE                             
                                                                           
                                                                           
;SECURE_PBSZ       16384             ; Kerberos maximum size of the        
                                     ; encoded data blocks                 
                                     ; Default value is 16384              
                                     ; Valid range is 512 through 32768    
                                                                           
; Name of a ciphersuite that can be passed to the partner during           
; the TLS handshake. None, some, or all of the following may be            
; specified. The number to the far right is the cipherspec id              
; that corresponds to the ciphersuite's name.                              
 CIPHERSUITE       SSL_DES_SHA       ; 09                                  
 CIPHERSUITE       SSL_3DES_SHA      ; 0A                                  
CIPHERSUITE       SSL_NULL_MD5      ; 01                                   
CIPHERSUITE       SSL_NULL_SHA      ; 02                                   
CIPHERSUITE       SSL_RC4_MD5_EX    ; 03                                   
CIPHERSUITE       SSL_RC4_MD5       ; 04                                   
CIPHERSUITE       SSL_RC4_SHA       ; 05                                   
CIPHERSUITE       SSL_RC2_MD5_EX    ; 06                                   
                                                                           
KEYRING           /ftp/ssl/mykeyring  ; Name of the keyring for TLS        
                                    ; It can be the name of an HFS         
                                    ; file (name starts with /) or         
                                    ; a resource name in the security      
                                    ; product (e.g., RACF)                 
                                                                           
TLSTIMEOUT        060               ; Maximum time limit between full      
                                    ; TLS handshakes to protect data       
                                    ; connections                          
                                    ; Default value is 100 seconds.        
                                    ; Valid range is 0 through 86400       
 ; ---------------------------------------------------------------------     
 ;                                                                           
 ; 13. Additional advanced options                                           
 ;                                                                           
 ; ---------------------------------------------------------------------     
                                                                             
  FWFRIENDLY        true          ; (S) Use firewall friendly protocol       
                                      ; for starting data connections?       
                                      ; TRUE - Yes                           
                                      ; FALSE (D) - NO                       
                                                                             
; --------------------------------------------------------------------- 
;                                                                       
; 12. Debug (trace) options   uncomment the one(s) you want to use              
                            
;                                                                       
; --------------------------------------------------------------------- 
                                                                        
;DEBUG             TIME              ;   time stamp client trace entries
;DEBUG             ALL               ;   activate all traces            
;DEBUG             BAS               ;   active basic traces            
                                     ;      (marked with an *)          
;DEBUG             FLO               ;   function flow                  
;DEBUG             CMD               ; * command trace                  
;DEBUG             PAR               ;   parser details                 
;DEBUG             INT               ; * program initialization and     
                                     ;      termination                 
;DEBUG             ACC               ;   access control (logging in)    
;DEBUG             SEC               ;   security processing            
;DEBUG             UTL               ;   utility functions              
;DEBUG             FSC(3)            ; * file services                  
;DEBUG             SOC(3)            ; * socket services                
;DEBUG             SQL               ;   special SQL processing         
                                                                        
                                                                           
The information in this e-mail message, including any attachments, may 
contain confidential and privileged information that is protected by 
law. It is intended for the sole use of the recipient named above. If 
you are not the intended recipient or the agent responsible for 
delivering it to the intended recipient, you are hereby notified that 
any unauthorized review, use, dissemination or copying is strictly 
prohibited. If you have received this electronic mail transmission in 
error please notify us immediately at [EMAIL PROTECTED]
and delete any copies from your system.

<<<<GWAVAsig>>>>

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Reply via email to