If the Co:Z product is not being used, then I personally think FTPS is a better alternative to sftp on z/OS. The big advantage is that you can authenticate your account via Digital Certificates, instead of via password. Plus Digital Certificates are controlled by RACF (assuming it's setup that way) and that gives you an easy "talk to the security nerds" when auditors come around.
Scott On Tue, Jan 5, 2010 at 4:32 PM, Kirk Wolf <[email protected]> wrote: > I might be missing something, but I'm not aware of any additional > costs related to adding OMVS segments to userids. Its almost certain > that *some* of your userids already have them, so that they can be > "dubbed" to use Unix apis. > > Also, it is possible to setup an OMVS segment so that the default > "shell" program restricts execution of anything other than what you > want (like the sftp-server). This could, for example, be used to > restrict a user from using OMVS under TSO or logging in to SSH or > TTY-Telnet with a Unix Shell. > > But, if FTP/TLS works with your firewall and or NAT routers and > partner systems, then there's nothing wrong with it. > > Kirk Wolf > Dovetailed Technologies > http://dovetail.com > > > On Tue, Jan 5, 2010 at 6:12 PM, Donald Russell <[email protected]> > wrote: > > On Tue, Jan 5, 2010 at 16:06, Kirk Wolf <[email protected]> wrote: > > > >> Don, > >> > >> RE: USS requirement for SFTP > >> > >> You can use IBM's sftp or our free Co:Z sftp if the z/OS userid has a > >> valid OMVS segment. That's likely what is missing when you say > >> that "USS is not enabled", since z/OS has required USS for TCP/IP > >> support for a long time. > >> > >> > > Thanks, > > Yes... that helps with my understanding of what's what. :-) What I've > > learned: It's not that OMVS isn't there, it's just we don't grant access > to > > it regularly except on one of our MVS systems. I wonder why that is.... > I'm > > guessing it's money. :-) > > > > Well, I have a few things to work with now, and next week I expect the > > firewall thing to be resolved, so I may just stay with FTPS (TLS) since > that > > satisfies the security people. > > > > Cheers > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: GET IBM-MAIN INFO > > Search the archives at http://bama.ua.edu/archives/ibm-main.html > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
