Don, Where did the ASKPASS come from?

Rob

Rob Schramm
Senior Systems Consultant

On Wed, Feb 4, 2015 at 5:34 PM, Paul Gilmartin <[email protected]> wrote:

> On Wed, 4 Feb 2015 17:11:12 -0500, Mark Jacobs - Listserv wrote:
> >
> >You should really, really use public key authentication instead of
> >user/passwords.
> >
> I suggested that initially. But now I think of one utility my
> employer supplies which requires user/password. The admins
> are shirking the chore of adding each entitled public key to
> the utility's .ssh directory.
>
> Process. If a user becomes disentitled, established process
> removes him from LDAP, and user/password is disabled.
>
> Of course that process should also lock the user's HOME directory,
> likewise disabling ssh/sftp.
>
> And, FWIW, ssh/sftp transfer the password *after* securing the
> connection.
>
> On 2015-02-04 15:08, Grinsell, Don wrote:
> > This is what I use:
> > //*
> > //STDENV DD DSN=USERID.TSOLIB.PDS(ASKPASS),DISP=SHR
> > ...
> > USERID.TSOLIB.PDS(ASKPASS) contains:
> SSH_ASKPASS=/u/systech/userid/.ssh/askpassrds.sh
> >
> Kinda circuitous. Why not simply code that value in an instream STDPARM?
>
> (But you might instead want the flexibility of:
> //STDENV DD DSN=&SYSUID.TSOLIB.PDS(ASKPASS),DISP=SHR
> )
>
> -- gil
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
