On Wed, 4 Feb 2015 17:11:12 -0500, Mark Jacobs - Listserv wrote: >You should really, really use public key authentication instead of >user/passwords. > I suggested that initially. But now I think of one utility my employer supplies which requires user/password. The admins are shirking the chore of adding each entitled public key to the utility's .ssh directory.
Process. If a user becomes disentitled, established process removes him from LDAP, and user/password is disabled. Of course that process should also lock the user's HOME directory, likewise disabling ssh/sftp. And, FWIW, ssh/sftp transfer the password *after* securing the connection. On 2015-02-04 15:08, Grinsell, Don wrote: > This is what I use: > //* > //STDENV DD DSN=USERID.TSOLIB.PDS(ASKPASS),DISP=SHR > ... > USERID.TSOLIB.PDS(ASKPASS) contains: > SSH_ASKPASS=/u/systech/userid/.ssh/askpassrds.sh > Kinda circuitous. Why not simply code that value in an instream STDPARM? (But you might instead want the flexibility of: //STDENV DD DSN=&SYSUID.TSOLIB.PDS(ASKPASS),DISP=SHR ) -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN