Jake,

I do not use FTCHKPWD, but I use FTCHKCMD to control user access (and lots
of other things).  I preferred FTCHKCMD, because I found I could accomplish
everything that FTCHKPWD allowed me to do and more, and it shares a
scratchpad with FTPOSTPR.

The server exits are pretty easy to install and test.  You can use a STEPLIB
in your FTP server proc and put the exits in there.  Changes are picked up
right away, since the FTP server spawns a new address space for each
session.  Just assemble and link your exit to the STEPLIB library and
connect to the server.

The exits need to be in an APF authorized library, and must be
program-controlled, like this:

 RDEF PROGRAM FTCHKCMD ADDMEM ('LOAD.LIBRARY.NAME'/volser /NOPADCHK)
UACC(READ)
 SETR WHEN(PROGRAM) REFRESH

Failure to do this will result in messages like this to the console:

 ICH420I PROGRAM FTCHKCMD FROM LIBRARY LOAD.LIBRARY.NAME CAUSED THE
ENVIRONMENT TO BECOME UNCONTROLLED
 BPXP014I ENVIRONMENT MUST BE CONTROLLED FOR DAEMON (BPX.DAEMON) PROCESSING.

You can make SAF (RACROUTE) calls from the exits.

The number of parameters passed to the exits can change from release to
release, so be sure to check the second parameter, which tells you how many
parameters are passed.

Hope this helps.

Steven St.Jean
http://sdsusa.com


> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On
> Behalf Of Jake anderson
> Sent: Friday, June 08, 2012 6:05 AM
> To: IBM-MAIN@bama.ua.edu
> Subject: Controlling the FTP server - FTCHKPWD
> 
> Dear List,
> 
> Good Day !!
> 
> To control the FTP server we know we can use FTCHKPWD user exit. Has
> anyone used this EXIT at  your shop to control the FTP access ? Just
> wanted to understand the method to install this exit and control only
> the specified user gaining access to FTP server running on Z/OS.
> 
> Environment : Z/OS 1.8
> 
> Resource link :
> http://publib.boulder.ibm.com/infocenter/zos/v1r11/index.jsp?topic=/com.
> ibm.zos.r11.halz002/f1a1b391185.htm
> 
> Any comments or suggestions would help a lot
> 
> Jake
> 
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions, send
> email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Reply via email to