We are in the process of converting a number of MRJE/NRJE processes over to
FTP and some concerns have surfaced:
 
1.  When connecting through FTP to the HP3000 UDCs are *not* activated and
thus any security packages that are UDC activated do not intervene.
 
2.  Many sites, including ours, are relying on these 3rd party security
packages and have established 'generic' logons (FINANCE, ACCT, etc..)
without passwords (The password is associated with the user's session
name).  The implication being that someone, from another site could use the
'password less' 'generic' user id and 'ftp' into the HP3000 with the full
access and capabilities of that user.
 
I know that some security packages provide 'procedure exit' routines that
will trap eveb 'ftp' logons but I was wondering if there is a way of
controlling the mpe user names that can 'ftp' into an HP3000.  It would be
nice if HP would define a new user capability or if the 'ftp' monitor
process would cross-reference any user trying to logon against a system
list.
 
I'd like to hear from anyone that may be in a similar situation and what,
if any, measures were taken to remedy those concerns.
 
Thanks
 
Paul H. Christidis