Set pwdsn to a DD

Discussion of Co:Z sftp, a port of OpenSSH sftp for z/OS
Post Reply
mdgilmore
Posts: 5
Joined: Thu Dec 08, 2016 12:28 pm

Set pwdsn to a DD

Post by mdgilmore »

We will be using another product that contains passwords in a Vault. The SFTP users will run a set prior to SFTP to retrieve the password and put it in a passed DSN:
//CREDOUT DD DSN=PASSWORD.FILE,DISP=(NEW,PASS,DELETE)

Can I set pwdsn in the SFTP step to read the PASSWORD.FILE from the DD:CREDOUT ?
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: Set pwdsn to a DD

Post by dovetail »

It is not possible to use a DD to reference a password data set.
This is because it is the IBM OpenSSH client process that invokes the SSH_ASKPASS program to produce a password and this process is run in a separate OMVS address space.
mdgilmore
Posts: 5
Joined: Thu Dec 08, 2016 12:28 pm

Re: Set pwdsn to a DD

Post by mdgilmore »

I was able to get this working using:

In the Pre-SFTP Step:

//CREDOUT DD DSN=????????.TEMP.PASSWORD.FILE,DISP=(NEW,PASS,DELETE),
// DSORG=PS,LRECL=80,RECFM=FB,
// UNIT=WORK,SPACE=(TRK,(5,5),RLSE)

In the SFTP Step:

//SFTPIN DD *
user=????????
pwdsn=????????.TEMP.PASSWORD.FILE
host=server_name
. $script_dir/sftp_connect.sh << EOB
pwd
ls -al
EOB
/*

What I would really like to be able to use is:
Pre-Step:
//CREDOUT DD DISP=(,PASS),DSN=&&TEMPF,
// DSORG=PS,LRECL=80,RECFM=FB,
// UNIT=WORK,SPACE=(TRK,(5,5),RLSE)

In the SFTP Step:

//SFTPIN DD *
user=????????
pwdsn=//DD:&&TEMPF or pwdsn=&&TEMPF
host=server_name
. $script_dir/sftp_connect.sh << EOB
pwd
ls -al
EOB
/*
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: Set pwdsn to a DD

Post by dovetail »

It won't be possible to use a temporary dsn like &&TEMPF. This is because these are mapped into uncatalogued data sets by the local address space. The z/OS ssh client (/bin/ssh) runs as a child process in a separate address space, so that when it runs /coz/bin/read_passwd_dsn.sh, the &&TEMPF name can't be resolved in a different address space.
mdgilmore
Posts: 5
Joined: Thu Dec 08, 2016 12:28 pm

Re: Set pwdsn to a DD

Post by mdgilmore »

How can I pass data from the z/OS Job to the OMVS environment created by the z/OS Job?
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: Set pwdsn to a DD

Post by dovetail »

What kind of data?

When running CO:Z SFTP (a z/OS Unix shell command), you would commonly use our COZBATCH utility to run a z/OS Unix batch shell script and then invoke <coz>/bin/cozsftp from that. We provide sample procs, JCL, and shell scripts that simply this.

If you are asking how to pass the values from JCL into environment variables that are accessible from the shell script, then take a look at the COZBATCH User's guide examples: https://www.dovetail.com/docs/cozbatch/examples.html

Examples 7, 8 show a basic technique, but example 14 shows how exported JCL symbols can be accessed in COZBATCH as "JES_*" environment variables.

If you can provide an example or more details we would be happy to assist.
Post Reply