Portal | Manuals | References | Downloads | Info | Programs | JCLs | Master the Mainframes
IBM Mainframe Computers Forums Index
 
Register
 
IBM Mainframe Computers Forums Index Mainframe: Search IBM Mainframe Forum: FAQ Memberlist Usergroups Profile Log in to check your private messages Log in
 

 

Restrict use of Telnet command from TSO?

 
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> JCL & VSAM
View previous topic :: :: View next topic  
Author Message
Maureen Tary

New User


Joined: 26 Sep 2008
Posts: 2
Location: Connecticut, USA

PostPosted: Fri Sep 26, 2008 6:00 am    Post subject: Restrict use of Telnet command from TSO?
Reply with quote

Hello. Is it possible to restrict the use of a specific TSO command with RACF rules ? I want to prevent a userid from being able to successfully issue TSO TELNET to connect to telnet server and external access.
Thanks for any hints.
Back to top
View user's profile Send private message

expat

Global Moderator


Joined: 14 Mar 2007
Posts: 8593
Location: Back in jolly old England

PostPosted: Fri Sep 26, 2008 11:07 am    Post subject:
Reply with quote

What about security on the server ?

Not sure that RACF can stop a REXX execution unless access to that specific dataset / PDS is denied.

You can use RACF to protect program usage, but as far as I know, not a REXX execution.
Back to top
View user's profile Send private message
nevilh

Active User


Joined: 01 Sep 2006
Posts: 258

PostPosted: Fri Sep 26, 2008 4:27 pm    Post subject:
Reply with quote

TELNET is a program
Back to top
View user's profile Send private message
dick scherrer

Site Director


Joined: 23 Nov 2006
Posts: 19270
Location: Inside the Matrix

PostPosted: Fri Sep 26, 2008 8:38 pm    Post subject:
Reply with quote

Hello Maureen and welcome to the forums,

Your security people should be able to restrict access to TSO/TELNET.

If your goal is to prevent people from gaining access to remote systems via TELNET, i suspect there is a much larger exposure from their desktop system. In additon to the many tcp/ip products (which is how most places connect to their mainframe), there is a Microsoft Telnet Client on every Windows system i use.
Back to top
View user's profile Send private message
Maureen Tary

New User


Joined: 26 Sep 2008
Posts: 2
Location: Connecticut, USA

PostPosted: Fri Sep 26, 2008 8:56 pm    Post subject:
Reply with quote

I am not the security admin but am trying to advise them on this....
I think the answer lies in the SERVAUTH class rule and establishing a profile for EZB.STACKACCESS.lpar.TCPIP. Then by granting no access to this profile for users that need to be prevented from using the TELNET command. I had hoped to be able to prevent specific command use for individual users on the tso side. Thanks to all for reading this and posting your comments.
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> JCL & VSAM All times are GMT + 6 Hours
Page 1 of 1

 

Search our Forum:

Similar Topics
Topic Author Forum Replies Posted
No new posts Fail to change physical VSAM filename... jacobdng CICS 6 Fri Jan 20, 2017 12:36 pm
No new posts What is the command to check MODE of ... rohanthengal CLIST & REXX 7 Fri Nov 18, 2016 1:48 pm
No new posts SDSF Command Avtrix CLIST & REXX 4 Fri Sep 30, 2016 11:13 am
No new posts How to find a CICS resource used in C... Arunkumar Chandrasekaran CICS 8 Thu Sep 29, 2016 1:45 pm
No new posts COMPARE command sivatechdrive TSO/ISPF 7 Fri Sep 16, 2016 4:31 pm


Facebook
Back to Top
 
Mainframe Wiki | Forum Rules | Bookmarks | Subscriptions | FAQ | Tutorials | Contact Us