On 1/5/2006 12:30 PM, Charles Mills wrote:
> Thanks. Let me echo Bob Lester's request for more pointers if possible and
> ALSO ask:
>
> I ran across the facility called PassTicket. Wouldn't this do the job? The
> job being letting a program running for user XYZ log on to FTP on a
> different machine using the same userid (and assuming synchronized passwords
> and clocks)? Any "gotchas" with PassTicket?

Good question, Charles.

PassTickets would work, but you would need to implement some code on the
client side to calculate the PassTicket so you could then provide it in
response to the password prompt from the server.

Prior to z/OS V1R7 that code must run APF-authorized. In z/OS R7 we
provide enhanced functions for generating PassTickets that can be used
by non-APF programs or Java. See
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/ichza360/11.1?SHELF=EZ2ZO10F&DT=20050621032554
or http://makeashorterlink.com/?H2A842C6C for more information.

On z/OS V1R7 or later, using PassTickets for functions like this has thus
become more feasible. However, it still does require some programming
around the FTP process. You can't simply run the standard FTP client.

Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html