Luke Wilby wrote (aggregating previous posts): >I'm wondering if anyone is using cURL on z/OS in a >production setting? >I'm interested how to utilise cURL when the target >URL requires authentication. >We can't use Basic Auth because we are not able to >store usernames and password in scripts or batch jobs. >We can't easily use certificates because our users on >z/OS do not have certificates and our Windows based >corporate certificate management doesn't allow users >access to the private keys of their Windows certificates. >The cURL targets require client authentication. >The cURL targets live on z/OS (z/OS Connect, zOSMF, DB2, >etc) >The clients may be TSO users, batch jobs, Windows, Mac or >Linux clients. The batch jobs may run under userids that >do not have passwords. >We cannot store passwords anywhere. No scripts, no files. >Our z/OS users generally don't have certificates or keyrings. >Our servers do (DB2, z/OS Connect, zOSMF, etc). >My clients need to authenticate to the server. The server >then needs to perform authorization checks. >It's the authentication part that we need to sort out. >Our company's internal certificate management is done on >Windows. Our Windows clients have personal certificates, >installed by our Windows team. They don't have access to >the private keys. >Our z/OS clients don't have certificates and even if they >did, they would come from the Windows team and our clients >wouldn't have access to the private keys to issue the cURL >call.
David Crayford wrote: >Use tokens > https://developer.atlassian.com/cloud/jira/platform/basic-auth-for-rest-apis/ This suggestion makes a lot of sense, agreed. For example, the z/OS Connect Enterprise Edition documentation explains more about these options here: https://www.ibm.com/support/knowledgecenter/SS4SVW_3.0.0/securing/security_overview.html - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
