Chase, John wrote:
-----Original Message-----
From: IBM Mainframe Discussion List On Behalf Of Perryman, Brian
FTP requires a Login, and protected userids can't be used in
any login operation, so I'd be surprised if you could do it.
Why would you want to though John? Sounds like a massive
security exposure??
Intent is to avoid transmitting a password "in the clear", even though the
intended application is local-only, between LPARs within our sysplex. The
ID would also have the "restricted" attribute, to forestall any access to
resources via UACC.
Seems secure enough to me, but I'm still relatively new at security.
-jc-
Why are you ftp'ing between LPAR's?
If they are all in the same plex, you can setup IP connections through
the CF. When you ftp use the IP address assigned to the remote systems
CF interface. The IP traffic will flow through the CF. Then the only
people that will have access to the userid password will be whomever can
trace traffic through the CF, and have access to where the JCL is stored
(actually the input statments to the ftp process).
In z/OS 1.5 (could be 1.4) IBM started supporting SSL'ed FTP. Everthing
going across the network is encrypted using SSL/TSL. However whomever
has access to the input to the ftp process still has access to the
userid/password.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
