Every user that logs in to your FTP server requires access
to that server. Use these steps to provide and control user access
to your server.
Before you begin
You need to know which users you want to allow to log in to
your FTP server. You need to know whether your IP network is configured
to use named security zones.This procedure assumes
that you are using RACF® as
your security product. You can, however, use any SAF-compliant security
product.
Procedure
Perform the following steps to control user access to
the FTP server:
- Provide each user who is going to log in to the FTP server
with a z/OS® UNIX UID.
You can either provide
a UID to the user, or the user can use the default UNIX UID.
- If your IP network is configured to use named security
zones, each defined security zone has a SERVAUTH profile for the resource
named EZB.NETACCESS.sysname.tcpname.zonename. If the
client IP address is mapped into a network access security zone, grant
each login user ID READ access to the SERVAUTH profile that corresponds
to the security zone.
- Do one or more of the following items to allow only certain
users to log in to the FTP server:
- (Optional) Set up transport layer security (TLS) support
or Kerberos support for the FTP server.
The FTP server
supports TLS. TLS enables secure file transfer by providing data privacy,
message authentication, and message integrity services for data sent
and received using the FTP control and data connections. For information
about setting up TLS support for the FTP server, see
Customizing Transport Layer Security and Kerberos security.
You can use the Generic
Security Service Application Programming Interface (GSSAPI) to authenticate
FTP clients to FTP servers. For more information about setting up
GSS support for the FTP server, see Customizing Transport Layer Security and Kerberos security.
Results
When you are finished, only certain users will be able
to log in to your FTP server.