" You might also consider using a "port of entry" (the TERMINAL CLASS), to restrict access by IP address. "
I could see examples on CICS but any syntax which secures the port 21 alone ? Jake On Fri, Jun 8, 2012 at 10:48 PM, Kirk Wolf <k...@dovetail.com> wrote: > Steven is an expert in this area, but there is also some good information > in the IBM document: > > > http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/FRAMESET/F1A1B391/2.3.4.1?SHELF=F1A1BKB1&DT=20100121150057 > See "Steps for< > http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/F1A1B391/2.3.4.1.3?SHELF=F1A1BKB1&DT=20100121150057&FS=TRUE&ScrollTOP=HDRWQ678#HDRWQ678 > > > controlling user access to the FTP server" in topic > 2.3.4.1.3< > http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/F1A1B391/2.3.4.1.3?SHELF=F1A1BKB1&DT=20100121150057&FS=TRUE&ScrollTOP=HDRWQ678#HDRWQ678 > > > )." > > You might also consider using a "port of entry" (the TERMINAL CLASS), to > restrict access by IP address. > > Kirk Wolf > Dovetailed Technologies > http://dovetail.com > > On Fri, Jun 8, 2012 at 7:41 AM, Steven St.Jean <sstj...@sdsusa.com> wrote: > > > Jake, > > > > I do not use FTCHKPWD, but I use FTCHKCMD to control user access (and > lots > > of other things). I preferred FTCHKCMD, because I found I could > accomplish > > everything that FTCHKPWD allowed me to do and more, and it shares a > > scratchpad with FTPOSTPR. > > > > The server exits are pretty easy to install and test. You can use a > > STEPLIB > > in your FTP server proc and put the exits in there. Changes are picked > up > > right away, since the FTP server spawns a new address space for each > > session. Just assemble and link your exit to the STEPLIB library and > > connect to the server. > > > > The exits need to be in an APF authorized library, and must be > > program-controlled, like this: > > > > RDEF PROGRAM FTCHKCMD ADDMEM ('LOAD.LIBRARY.NAME'/volser /NOPADCHK) > > UACC(READ) > > SETR WHEN(PROGRAM) REFRESH > > > > Failure to do this will result in messages like this to the console: > > > > ICH420I PROGRAM FTCHKCMD FROM LIBRARY LOAD.LIBRARY.NAME CAUSED THE > > ENVIRONMENT TO BECOME UNCONTROLLED > > BPXP014I ENVIRONMENT MUST BE CONTROLLED FOR DAEMON (BPX.DAEMON) > > PROCESSING. > > > > You can make SAF (RACROUTE) calls from the exits. > > > > The number of parameters passed to the exits can change from release to > > release, so be sure to check the second parameter, which tells you how > many > > parameters are passed. > > > > Hope this helps. > > > > Steven St.Jean > > http://sdsusa.com > > > > > > > -----Original Message----- > > > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On > > > Behalf Of Jake anderson > > > Sent: Friday, June 08, 2012 6:05 AM > > > To: IBM-MAIN@bama.ua.edu > > > Subject: Controlling the FTP server - FTCHKPWD > > > > > > Dear List, > > > > > > Good Day !! > > > > > > To control the FTP server we know we can use FTCHKPWD user exit. Has > > > anyone used this EXIT at your shop to control the FTP access ? Just > > > wanted to understand the method to install this exit and control only > > > the specified user gaining access to FTP server running on Z/OS. > > > > > > Environment : Z/OS 1.8 > > > > > > Resource link : > > > > http://publib.boulder.ibm.com/infocenter/zos/v1r11/index.jsp?topic=/com. > > > ibm.zos.r11.halz002/f1a1b391185.htm > > > > > > Any comments or suggestions would help a lot > > > > > > Jake > > > > > > ---------------------------------------------------------------------- > > > For IBM-MAIN subscribe / signoff / archive access instructions, send > > > email to lists...@bama.ua.edu with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
