-Original Message-
From: IBM Mainframe Discussion List On Behalf Of Charles Mills
[ snip ]
but what I would REALLY like is what I asked for: some
automated way of getting a user here signed on
automatically there. It looks like PassTicket will do
exactly that but I am a little
On 1/5/2006 12:30 PM, Charles Mills wrote:
Thanks. Let me echo Bob Lester's request for more pointers if possible and
ALSO ask:
I ran across the facility called PassTicket. Wouldn't this do the job? The
job being letting a program running for user XYZ log on to FTP on a
different machine using
On 1/5/2006 9:57 AM, Lester, Bob wrote:
This does sound a lot better that the .netrc approach (which we've been
using). Can you point me to the relevent manuals? Redbooks?
What level of info do you need? If you're already using digital
certificates then you have some basic info and
| -Original Message-
| From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED]
| Behalf Of Walt Farrell
| Sent: Friday, January 06, 2006 6:47 AM
| To: IBM-MAIN@BAMA.UA.EDU
| Subject: Re: FTP userid propagation
|
|
| On 1/5/2006 9:57 AM, Lester, Bob wrote
On 1/6/2006 9:47 AM, Lester, Bob wrote:
I've got ported tools installed in my test LPAR (V1R4), and can do SSL over
TN3270 (Extra emulator) so I think I've got the basics. I'm more interested
in securing FTP via SSL/TLS. SCP would also seem to be an option for
transferring files.
-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf
Of Walt Farrell
Sent: Friday, January 06, 2006 5:19 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: FTP userid propagation
On 1/5/2006 12:30 PM, Charles Mills wrote:
Thanks. Let me echo Bob Lester's request for more pointers
.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf
Of Greg Saccomanno
Sent: Thursday, January 05, 2006 2:17 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: FTP userid propagation
Charles,
I am curious what security disaster exists with each of the users
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of Charles Mills
I just posted the NETRC question but perhaps I should instead
ask the fundamental underlying question. Here is what I want to do.
I want to have a program ABC running in a normal batch job
that
] On
Behalf Of Charles Mills
Sent: Wednesday, January 04, 2006 5:43 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: FTP userid propagation
I just posted the NETRC question but perhaps I should instead ask the
fundamental underlying question. Here is what I want to do.
I want to have a program ABC running
On 1/4/2006 5:43 PM, Charles Mills wrote:
I just posted the NETRC question but perhaps I should instead ask the
fundamental underlying question. Here is what I want to do.
I want to have a program ABC running in a normal batch job that might be
submitted by any of a large number of TSO users
Walt Farrell said:
|
| The z/OS FTP server and client both support authentication
| via digital
| certificates (client authentication functions of SSL or
| TLS). I suggest
| you use that approach.
|
| Walt Farrell, CISSP
| z/OS Security Design, IBM
|
Hi
passwords
and clocks)? Any gotchas with PassTicket?
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf
Of Walt Farrell
Sent: Thursday, January 05, 2006 6:21 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: FTP userid propagation
On 1/4/2006 5:43 PM
PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: FTP userid propagation
What is the problem with a userid.NETRC with a UACC of NONE [and maybe an
additional PE ID(*) ACC(NONE)]? Except for someone with OPERATIONS,
everyone but the user should be locked out.
Charles Mills [EMAIL PROTECTED] wrote: I
, 2006 12:23 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: FTP userid propagation
What is the problem with a userid.NETRC with a UACC of NONE [and maybe
an
additional PE ID(*) ACC(NONE)]? Except for someone with OPERATIONS,
everyone but the user should be locked out.
I don't think NETRC does
like to understand the possible applicability of SSL/TLS.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf
Of Greg Saccomanno
Sent: Thursday, January 05, 2006 2:17 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: FTP userid propagation
Charles,
I
Charles,
Thank you for your reply. It sounds like the individual NETRC files may
not really be a security disaster but more of a maintenance disaster. I
would agree, it is very inconvenient to require each user to update the
NETRC file each time the password(s) on the remote system(s) change.
I just posted the NETRC question but perhaps I should instead ask the
fundamental underlying question. Here is what I want to do.
I want to have a program ABC running in a normal batch job that might be
submitted by any of a large number of TSO users invoke FTP and have it log
on to a remote
.
HTH and good luck.
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Charles Mills
Sent: Wednesday, January 04, 2006 4:43 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: FTP userid propagation
I just posted the NETRC question but perhaps I should
: FTP userid propagation
IMHO, a flaw in your thinking is your wanting to use someone else's ID
for some security related activity.
Have the users stow their data in staging files. Upon some event (timer,
file creation, etc) a production job (the FTP) kicks off and does the
transfer under its
] On Behalf Of Charles
Mills
Sent: Wednesday, January 04, 2006 4:43 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: FTP userid propagation
I just posted the NETRC question but perhaps I should
instead ask the fundamental underlying question. Here
is what I want to do.
I want to have a program ABC running
20 matches
Mail list logo