I'm not sure use CWET will make any difference. The cURL targets require client authentication.
The cURL targets live on z/OS (z/OS Connect, zOSMF, DB2, etc) The clients may be TSO users, batch jobs, Windows, Mac or Linux clients. The batch jobs may run under userids that do not have passwords. We cannot store passwords anywhere. No scripts, no files. Our z/OS users generally don't have certificates or keyrings. Our servers do (DB2, z/OS Connect, zOSMF, etc). Thanks Luke > It would be best to consider switching to the z/OS Client Web Enablement > Toolkit. > There are sample programs for REXX / ASM / COB .. and I'm positive there'll > be a Python client pretty soon (IBM Open Enterprise Python for z/OS). > Don't think cURL is loved that much on Z. > > Hmm .. unless client auth is required at the cURL target, you don't need to > worry about client certs, right? > Just plop on the target server's CA cert (interim & root CA) public keys in a > user keyring, and point CWET to the user keyring. > Server auth will work just fine. > > - KB > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > On Thursday, July 23, 2020 10:20 AM, Filip Palian <s3...@pjwstk.edu.pl> > wrote: > > > Hey, > > > > You can read login credentials from within a script at run time from a > > separate file containing password. This file should have an adequate > > permissions and ownership set of course. > > > > Alternatively, if you control the target, perhaps you can whitelist > > your curl/client. > > > > I hope that helps. > > > > Cheers, > > F > > > > W dniu czwartek, 23 lipca 2020 Luke akal...@hotmail.com napisał(a): > > > > > Hi All > > > I'm wondering if anyone is using cURL on z/OS in a production setting? > > > I'm interested how to utilise cURL when the target URL requires > > > authentication. > > > We can't use Basic Auth because we are not able to store usernames > > > and password in scripts or batch jobs. > > > We can't easily use certificates because our users on z/OS do not > > > have certificates and our Windows based corporate certificate > > > management doesn't allow users access to the private keys of their > Windows certificates. > > > Anyone else using cURL for DevOps on z/OS and how are you securing it? > > > > > > For IBM-MAIN subscribe / signoff / archive access instructions, send > > > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > -- > > > > For IBM-MAIN subscribe / signoff / archive access instructions, send > > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email to > lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
