Skip to Main Content
IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Future consideration
Workspace z/OS
Created by Guest
Created on Mar 22, 2017

Enable PASSTICKET support for the FTP Client

There needs to be an option added to the FTP Client to enable the use of PASSTICKET as an authentication metric. Currently the only options that can be used with FTP Client is Password/MFA or X509 Certificate logon.
The issue with password logon is that in things like batch jobs the password becomes exposed in the dataset or netrc file and is considered a security risk.
The issue with MFA is again with BATCH jobs is if the job is not dispatched fast enough it fails and will not allow it to be run during a particular time period in late night processing.
While Certificates do address the issues mentioned above the additional overhead of maintaining certificates across 15 sysplex environments becomes daunting without something like NSSD to provide support.
Adding this option say a –P allows for FTPClient to create the one time passticket password and the FTP server should not need an update since the RACROUTE call should check to see if the passticket is either a password or passticket.

Idea priority High
  • Guest
    Reply
    |
    Aug 17, 2022

    This issue has become more relevant during the last few years. The pressure from the business for secure file transfer has only increased. One of the z Series biggest selling point is that it is secure. Well, this is a major weakness that deserves immediate attention. You can say IBM has a secure solution, but it's super difficult to manage. We need a simpler, more robust solution.
    One idea is to have to option to 1) reject in-stream NETRC (//netrc dd *), and 2) enforce NETRC in the second qualifier of the data set name, so the ACS routine could force &DSN = .NETRC.* then SET &DATACLAS= 'NETRC'. NETRC data class would enable data set encryption.

    Clenio Oliveira.