Charles, I am curious what security disaster exists with each of the users that will use this process having a userid.NETRC file with a UACC(NONE)? If it is the OPERATIONS ATTRIBUTE users being able to access the files that is the problem, if they are all in a single group (or limited groups) give that group(s) access of NONE and even the users with OPERATIONS attributes will not be able to access the NETRC files.
I am not trying to be difficult but we currently do something very much like this and I can't see where this causes any security exposure. It is a little bit of a pain for the users to maintain the password in the NETRC file but so far they are living with that. What did I miss and what exposure do I now have?

Thank you,
Greg

>-----Original Message-----
>From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf
>Of Barry Schwarz
>Sent: Thursday, January 05, 2006 12:23 PM
>To: [email protected]
>Subject: Re: FTP userid propagation
>
>
> What is the problem with a userid.NETRC with a UACC of NONE [and maybe an
>additional PE ID(*) ACC(NONE)]? Except for someone with OPERATIONS,
>everyone but the user should be locked out.
>I don't think NETRC does the job because a "local" NETRC is a security
>disaster and a "global" NETRC file would only provide one userid and
>password for the remote machine -- my whole point is I want to "propagate"
>each individual user id.

