On 5/18/2006 9:05 AM, David Huysmans wrote:
we want to send data between 2 different MVS sysplexes. We’re planning to
use FTP as the protocol for the datatransfer.
The only problem we have with this is the confidentiality of the passwords
we have to use to set up the communication.
The user(s) we will use for the FTP needs to have access to a lot of
production data, so the impact when the password is revealed, could be huge.
You could do that with an SSL/TLS session between your z/OS FTP client
and your z/OS server, with client authentication based on digital
certificates. The server can accept the client's certificate, map it to
a user ID, and complete the authentication without the need to flow a
password.
Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
