How does the FTP server use SAF? What happens if you omit the userid and password? If the copy to the internal reader uses n ACEE for your userid thn everything might work.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 עַם יִשְׂרָאֵל חַי נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Donald Russell <[email protected]> Sent: Friday, October 31, 2025 12:09 PM To: [email protected] <[email protected]> Subject: OTP authentication External Message: Use Caution We have systems external to z/OS that submit jobs to JES over encrypted ftp sessions. We “site filetype=jes” then “put” a jcl file. Unfortunately the JCL JOB statement uses the same USERID= and PASSWORD= values as were used to authenticate for the ftp connection. That all worked perfectly until password/phrases were replaced with OTP. One-Time Password. Well, the one time use gets into ftp, now the submitted job fails because the password check fails. I’m not on the z/OS side of things, but I want to help them by providing a possible solution. I’m thinking a user exit could vet the JCL submitted through site filetype=jes to skip the password check when the job is submitted that way. The exit should either (en)force the JOB USERID= value to match the ftp id, or perhaps recognize a special userid id of FTPJES that the user exit would change to the ftp user logged in and accept the job without further password checks. Has anybody else run into this problem, and what did you do to solve it? Cheers, Don ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
