We tried SSL/TLS and it seems to work like we wanted. Thanks to Walt and the other listers that responded for pointing us in the right direction.
David Huysmans On Thu, 18 May 2006 15:19:47 -0400, Walt Farrell <[EMAIL PROTECTED]> wrote: >On 5/18/2006 9:05 AM, David Huysmans wrote: >> we want to send data between 2 different MVS sysplexes. We’re planning to >> use FTP as the protocol for the datatransfer. >> The only problem we have with this is the confidentiality of the passwords >> we have to use to set up the communication. >> The user(s) we will use for the FTP needs to have access to a lot of >> production data, so the impact when the password is revealed, could be huge. >> > >You could do that with an SSL/TLS session between your z/OS FTP client >and your z/OS server, with client authentication based on digital >certificates. The server can accept the client's certificate, map it to >a user ID, and complete the authentication without the need to flow a >password. > > Walt Farrell, CISSP > z/OS Security Design, IBM > >---------------------------------------------------------------------- >For IBM-MAIN subscribe / signoff / archive access instructions, >send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO >Search the archives at http://bama.ua.edu/archives/ibm-main.html >========================================================================= ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
