John S. Giltner, Jr. wrote:
Chase, John wrote:
-----Original Message-----
From: IBM Mainframe Discussion List On Behalf Of Perryman, Brian
FTP requires a Login, and protected userids can't be used in any
login operation, so I'd be surprised if you could do it.
Why would you want to though John? Sounds like a massive security
exposure??
Intent is to avoid transmitting a password "in the clear", even though
the
intended application is local-only, between LPARs within our sysplex.
The
ID would also have the "restricted" attribute, to forestall any access to
resources via UACC.
Seems secure enough to me, but I'm still relatively new at security.
-jc-
Why are you ftp'ing between LPAR's?
If they are all in the same plex, you can setup IP connections through
the CF. When you ftp use the IP address assigned to the remote systems
CF interface. The IP traffic will flow through the CF. Then the only
people that will have access to the userid password will be whomever can
trace traffic through the CF, and have access to where the JCL is stored
(actually the input statments to the ftp process).
Usually there is no need to ftp data between sysplex members, since idea
of sysplex is to *share* data, especially those on DASD. <g>
--
Radoslaw Skorupka
Lodz, Poland
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
