We are using Rocket's cURL. Fully supported and everything.
The primary use case at the moment:
Stop and Start z/OS Connect APIs using the z/OS Connect REST interface, from a
batch job with no password on the user account.
Eventually, we'll want to do similar stuff for other targets and using
Thanks David.
Sadly, for us, it uses basic auth and the base64 encoded token is as good as a
password. Our auditors would make life difficult.
> -Original Message-
> From: IBM Mainframe Discussion List On
> Behalf Of David Crayford
> Sent: Friday, July 24, 2020 13:33 PM
> To:
Oh ok ... guess I didn't realize that WET is being provided primarily for
'backward compatibility'.
Thanks for the clarification on the other bits.
> Using cURL or libcurl is not inherently dangerous. Any code that goes
> into production should be peer reviewed. You can write bad code in any
>
Ah sorry.. just realising that ID certs (& client auth) require private key lol.
I'm sure others will correct me if I'm wrong... afraid you've to use GENCERT,
GENREQ and then get it signed by your off-mainframe PKI.
That way, private keys for ID certificates exist on mainframe... which isn't an
On 2020-07-24 12:02 PM, kekronbekron wrote:
I wouldn't. I would recommend using a sophisticated networking library
like Java or whatever your favorite language is on the JVM.
Can't figure out if you're kidding...
No, I'm not kidding! IMO, unless you have a critical requirement to web
enable
Worth watching, thanks! Usually I'd rather read than listen, but this
guy really moves along. That's about half an hour of info packed into
12 minutes.
On 7/23/2020 6:17 PM, Tony Thigpen wrote:
I know this has just about run it's course, but I came across this
interesting youtube video
> I wouldn't. I would recommend using a sophisticated networking library
> like Java or whatever your favorite language is on the JVM.
Can't figure out if you're kidding...
> Who told you that? My employer offers a cURL port for z/OS and it's well
> maintained with support for production
Use tokens
https://developer.atlassian.com/cloud/jira/platform/basic-auth-for-rest-apis/
On 2020-07-24 11:21 AM, Luke Wilby wrote:
Hey David
Do you authenticate to Jira when using cURL? How?
-Original Message-
From: IBM Mainframe Discussion List On
Behalf Of David Crayford
Sent:
On 2020-07-24 11:12 AM, kekronbekron wrote:
Just mentioned ASM / COB CWET for options really.
They're a a lot more involved than the Python client (when that's available).
curl is ok as a user, but when you want to productionize something, I would
think the recommendation would be to use CWET.
Hey David
Do you authenticate to Jira when using cURL? How?
> -Original Message-
> From: IBM Mainframe Discussion List On
> Behalf Of David Crayford
> Sent: Friday, July 24, 2020 12:29 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: cURL and security
>
> On 2020-07-23 2:17 PM,
cURL requires the client's private key for mutual auth.
I'm not familiar with CWET but I imagine the security considerations are the
same.
My clients need to authenticate to the server. The server then needs to perform
authorization checks.
It's the authentication part that we need to sort
Just mentioned ASM / COB CWET for options really.
They're a a lot more involved than the Python client (when that's available).
curl is ok as a user, but when you want to productionize something, I would
think the recommendation would be to use CWET.
Not saying curl is a bad tool, it is handy &
Hmm ... for client auth, isn't it just the public key of the client that has to
be sent to the server?
And the server checks that against the client cert's CAs?
In which case, you only need a copy of the client pub key from Windows, and add
it to a user keyring ... not the private key?
- KB
On 2020-07-23 2:17 PM, kekronbekron wrote:
It would be best to consider switching to the z/OS Client Web Enablement
Toolkit.
There are sample programs for REXX / ASM / COB .. and I'm positive there'll be
a Python client pretty soon (IBM Open Enterprise Python for z/OS).
To me the idea of
I know this has just about run it's course, but I came across this
interesting youtube video about "why the US did not adopt the metric
system" by a legitimate historian.
https://youtu.be/yseldOMcT4Q
Tony Thigpen
Bob Bridges wrote on 7/23/20 10:13 AM:
I would be willing to follow such a
CA Common Services supports SNMPv3 with DES encryption and SHA-5 and MD5
authentication, hopefully that works with your Solar Winds Orion server.
You define the use of encryption in the SNMPCNFG member for your ENFSNMPM
procedure (sample with good comments is in CAW0OPTV dataset). That would
be
Currently in IBM Enterprise COBOL the only rounding is round half away
from zero (5.5 becomes 6, -5.5 becomes -6). I understand than various
organizations use different rounding rules based on policy and/or
legal requirements in some or all computations involving rounding.
These would include
I'm not sure use CWET will make any difference.
The cURL targets require client authentication.
The cURL targets live on z/OS (z/OS Connect, zOSMF, DB2, etc)
The clients may be TSO users, batch jobs, Windows, Mac or Linux clients. The
batch jobs may run under userids that do not have
> Given the prior comments about wanting to not smart host / off-load to a
> different local SMTP server, yes, I'm assuming direct-to-MX with my
> comments / questions.
That's a bad idea for several reasons.
> Sorry, that's somewhat nebulous. Are you asking about the z/OS SYSPROGs
> or the
On 7/23/20 2:27 PM, Seymour J Metz wrote:
Are you assuming direct-to-MX?
Given the prior comments about wanting to not smart host / off-load to a
different local SMTP server, yes, I'm assuming direct-to-MX with my
comments / questions.
Are you assuming using a mail server not under the
> What happens to email if CSSMTP (AT-TLS) is configured to *require*
> encryption and the receiving system doesn't support encryption?
Are you assuming direct-to-MX? Are you assuming using a mail server not under
the control of the z/OS system's management. If not, then I've already
addressed
On Thu, 23 Jul 2020 17:57:20 +, Seymour J Metz wrote:
>Neither LCD nor LPWD is part of RFC 959. ...
>
Agreed. Generally the RFCs impose only weak requirements on
client UIs, easily satisfied by both linemode and GUI clients.
Stronger requirements on both client and server network
interfaces.
Neither LCD nor LPWD is part of RFC 959. In an ideal world the MVS-OE
developers would have looked at what Eunix programmers in the wild actually
used and not just what was needed to get certification, but that has not always
been what they did.
--
Shmuel (Seymour J.) Metz
There's a difference between questioning the accuracy of the stated reqirement
and suggesting that he not comply with it. Why not simply ask the OP for the
exact requirement imposed by management?
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
On Wed, 22 Jul 2020 16:07:54 -0500, Kirk Wolf wrote:
>...
>WinSCP has unique problems: it starts one SFTP connection for directory
>displays, and one or more for file transfers. This is a little silly
>since you can do multiple things at a time on one connection. This means
>that you can't
I just tried Bitvise and have deleted WinSCP and FileZilla - Thank you Kirk...
Lionel B. Dyck <
Website: https://www.lbdsoftware.com
"Worry more about your character than your reputation. Character is what you
are, reputation merely what others think you are." - John Wooden
-Original
On 7/23/20 12:17 AM, Timothy Sipples wrote:
I don't know why you're questioning Len's expressed*requirement*.
Experience. Specifically experience that has included being down stream
of multiple telephone games. Person A tells person B that they require
/encryption/. Then person B tells
On Wed, Jul 22, 2020 at 4:07 PM Kirk Wolf wrote:
>
> You *can* change settings interactively from most SFTP GUIs like FileZilla
> -
> - change directories to the "/+" directory (you will see your current
> settings)
> - rename the ".newoption" pretend file in that directory to the option
>
On 7/23/20 1:24 AM, Seymour J Metz wrote:
But what, someone may ask, if the realy connects to a box that doesn't
support TLS 1.2? The same thing as if the traffic from CSSMTP were
unencrypted, and not the concern of the z/OS staff unless the relay
is also running on z/OS.
What happens to
>>I see it is candidate for REXX script, but DFSORT job seems to be more
elegant.
Radoslaw Skorupka,
As Max already shown DFSORT does have an elegant file matching capability
using JOINKEYS. Please check the smart DFSORT trick "Create files with
matching and non-matching records" which is
I would be willing to follow such a convention, if there's a consensus for it,
or possibly even if it's requested by only a few. Personally I enjoy such
discussions - obviously - but I can see not everyone would.
But what constitutes OT? These things have recently started with a discussion
You can use JOIN function of DFSORT:
//ST100EXEC PGM=SORT
//SYSOUT DD SYSOUT=*
//FILE1 DD *
DSNAME01
DSNAME09
DSNAME02
DSNAME27
DSNAME04
/*
//FILE2 DD *
DSNAME09
DSNAME04
/*
//SORTOUT DD SYSOUT=*
//SYSIN DD *
JOINKEYS F1=FILE1,FIELDS=(1,44,A)
JOINKEYS F2=FILE2,FIELDS=(1,44,A)
JOIN
"Lb Foot is not a measure of pressure" ... correct. It is a measure of
torque.
A pound-foot (lbf⋅*ft*) is a unit of torque (a pseudovector). One
pound-foot is the torque created by one pound of force acting at a
perpendicular distance of one foot from a pivot point. Conversely one
pound-foot is
If you want to do it DFSORT, I think you'll have to use ICETOOL with the
SPLICE option.
Joe
On Thu, Jul 23, 2020 at 3:11 AM R.S. wrote:
> I have the following case:
>
> Large (thousands) list containing filenames,
> filea10002
> fileb10041
> filec20043
> filed39093
> longfileabc
> anotherfile
Just published this technique to provide an OVIEW option
https://community.ibm.com/community/user/ibmz-and-linuxone/blogs/lionel-dyck
1/2020/07/23/adding-oview-to-the-current-obrowse-and-oedit-comm?CommunityKey
=87042487-940e-49cc-ae6d-5a5b76c5ea7e
Tim:
Thank you, I thought it was a reasonable requirement.
Please Be Safe!
Thank You!
Len Sasso
Systems Administrator Senior
CSRA, A General Dynamics Information Technology Company
327 Columbia TPKE
Rensselaer, NY 12144
Office Hours: M-F 7 AM - 3:45 PM
Out-Of-Office:
Phone: (518) 257-4209
On Wed, 22 Jul 2020, at 22:58, Paul Gilmartin wrote:
> Should an outfitter sell climbing ropes rated in Newtons?
I have a feeling that things like safety harnesses (for people working at
height), fall-arrest systems etc are rated in Newtons etc.
It's probably because it's not just the static
I have the following case:
Large (thousands) list containing filenames,
filea10002
fileb10041
filec20043
filed39093
longfileabc
anotherfile
...
and small (dozens) list of filename "exlusions"
longfileabc
fileb10041
...
Short list is subset of long list. All files has fixed lentgh name, no
Indeed.
CSSMTP is an SMTP client. It needs to connect to an SMTP server, and in most if
not all installations there is an SMTP server dedicated to the purpose, which
serves as a relay to the outside world. If management has decreed that all SMTP
traffic be encrypted, then barring a
Quick poll for the list:
Can we all follow a 'rule' that says [OT] must be added in all off-topic
discussions, so we can filter them out if required?
- KB
‐‐‐ Original Message ‐‐‐
On Thursday, July 23, 2020 9:38 AM, Seymour J Metz wrote:
> That explains why the term used in the 19th
Grant Taylor wrote:
>That means that z/OS's CSSMTP will be near or on par with other SMTP
>servers and related problems securing SMTP traffic. Most of which have
>to do with the capabilities of the receiving SMTP server, which is
>outside of CSSMTP's control.
First of all, here's what Len Sasso
It would be best to consider switching to the z/OS Client Web Enablement
Toolkit.
There are sample programs for REXX / ASM / COB .. and I'm positive there'll be
a Python client pretty soon (IBM Open Enterprise Python for z/OS).
Don't think cURL is loved that much on Z.
Hmm .. unless client auth
If you want to work with datasets (as opposed to files in USS), Co:Z SFTP is a
no-brainer.
Believe me, it takes ages to OCOPY files from MVS to USS, especially if they're
big files.
Alternatively, do you really need SFTP?
How about something like Luminex MDI SecureTransfer.
Their products' core
43 matches
Mail list logo