MFA is getting to be more of a requirement. How do people handle MFA when scripting from Windows and Linux?
The basic rules are something you know, and something you have - which makes it hard for scripts as there is no person to type things in. We can do certificate logon which avoids a password - but what other factor can we use? If your password is encrypted ( or masked) on your laptop, then bad guys with access to your machine can steal both your password and your certificate, so this doesn't count. All I can think of is to have a hardware dongle like a Yubicon USB device plugged into the laptop. You could have networking rules - if from these IP addresses (internal to your site) then do something special - otherwise require full MFA. But I dont think we have the systems on z/OS to support this - for example z/OS TCPIP going to Liberty on z/OS. Any thoughts? Colin ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
