Funny you should ask. I am working on some ftp job streams. There are
two approaches, both of which depend on your job having access to files
that no other non-SM user does. From there, there are no small number of
tricks to achieve something like this.
The more obvious of the two is to use
run ftp.arpa.sys; stdin=ftpcmds
in your job stream, where that ftpcmds is well secured. In fact, that
line comes from the Using FTP Commands in UDCs and Programs portion, of
Chapter 4 Using FTP, in the HP ARPA File Transfer Protocol User's Guide.
The far less obvious is to use a NETRC file, and file equate it to
something well secured. Someone posted a question about this to the
list, and when I searched the entire LaserROM, I found the following in
a Software Release Bulletin (so for those of you looking for MPE trivia
stumpers...)
Full NETRC file functionality
1. The file resides in NETRC.<home-group>. File equations are allowed,
so if you were logged as JOE.SCHMOE and wanted to use a NETRC file
residing elsewhere on the system, you could issue the file equation:
file NETRC.<JOE's home group>=NETRC.<other-group>.<other-account>
2. a. The syntax for each line of the file is:
machine <string> login <string> password <string>
or
default login <name> password <name>
b. There should be at most one "default" entry per file.
c. Each of the tokens "machine", "login", "password" and "default"
must match exactly, and must be in lower-case.
d. Each token must be separated by any number of SPACE or TAB
characters.
e. Each <string> identifier may be encapsulated by double-quotes,
i.e. e.g.,
machine "HPBOX" login "JOE.SCHMOE" password "USER,ACCT"
and
machine HPBOX login JOE.SCHMOE password USER,ACCT
are equivalent. This feature would be useful when a space is
embedded as part of a password, for example.
Note: unencrypted password stored in a file like this constitute a
security risk. If this is a problem, try the following command:
:altsec netrc.<home-group>.<account>;access=(r,w,a,l,x:cr)
If this is still a problem, don't use a NETRC file! It is
provided for usability, but its use is by no means required.
>----------
>From: Bruce Conrad[SMTP:[log in to unmask]]
>Sent: Friday, October 10, 1997 4:10 PM
>To: [log in to unmask]
>Subject: [HP3000-L] FTP passwords?
>
> How do people handle FTP passwords?
>
> We would prefer to not have to embed system passwords into JCL. We
> have Maestro, and will probably use that to 'hide' the passwords from
> prying eyes. I'm just looking for other alternatives/suggestions...
>
> fyi, we ftp from our HP3000's to remote HP3000's, IBM ES9000's, and
> other systems. [could be AS/400, VAX, Alpha, u-name-it]
>
> Bruce Conrad, Software Control Analyst
> Harvard Pilgrim Health Care, Quincy, MA
> www.HarvardPilgrim.Org
> //members.aol.com/bhconrad/index.html
>
> "All the women of my dreams, were the kind that lived beyond my
> means." - Level 42
>
|