Thanks. Let me echo Bob Lester's request for more pointers if possible and
ALSO ask:

I ran across the facility called PassTicket. Wouldn't this do the job? The
job being letting a program running for user XYZ log on to FTP on a
different machine using the same userid (and assuming synchronized passwords
and clocks)? Any "gotchas" with PassTicket?

Charles


-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf
Of Walt Farrell
Sent: Thursday, January 05, 2006 6:21 AM
To: [email protected]
Subject: Re: FTP userid propagation


On 1/4/2006 5:43 PM, Charles Mills wrote:
> I just posted the NETRC question but perhaps I should instead ask the
> fundamental underlying question. Here is what I want to do.
>  
> I want to have a program ABC running in a "normal" batch job that might be
> submitted by any of a large number of TSO users invoke FTP and have it log
> on to a remote z/OS FTP server and, among other things, submit a job. I have
> complete control over the INPUT (command) file which is built on the fly.
> Here is the key question: I would like the FTP logon to be with the userid
> of the original user who submitted the batch job. Do any of you creative
> souls want to suggest a reasonable way to do this?

The z/OS FTP server and client both support authentication via digital 
certificates (client authentication functions of SSL or TLS).  I suggest 
you use that approach.

        Walt Farrell, CISSP
        z/OS Security Design, IBM

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
