Hello List(eners),

We have the following situation:

We want to send data between 2 different MVS sysplexes. We’re planning to 
use FTP as the protocol for the data transfer.
The only problem we have with this is the confidentiality of the passwords 
we have to use to set up the communication. 
The user(s) we will use for the FTP need to have access to a lot of 
production data, so the impact when the password is revealed could be huge.

We were now thinking of using Kerberos as the authentication protocol for 
FTP, because this should eliminate the need for a password. When I look at 
the TCPIP security redbook, I’m surprised to see the need to send a user 
and password after the Kerberos authentication has been set up. I’m 
wondering what the added value then is for using Kerberos.

As I understood, you receive a ticket from your Kerberos server, and with 
this ticket you should be able to gain access to other servers within the 
realm.
There should be no more need for a password. The tickets map you to a user 
defined within your SAF database (in our case ACF2).

Is there any way to eliminate the use of user/password when doing an FTP 
(TSO/batch) from one MVS to another MVS? 
If Kerberos would be the answer for this problem: does anyone have a 
document for implementing it using ACF2 as the SAF database (something more 
usable than the ACF2 administrator book)?

Any suggestion is welcome,

Regards.

Bert Gilis

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
