RACF certificate propagation

Discussion of the Co:Z Co-Processing Toolkit for z/OS
Post Reply
DClassic53
Posts: 35
Joined: Wed Feb 11, 2009 10:23 am

RACF certificate propagation

Post by DClassic53 » Thu Mar 17, 2016 2:09 pm

We've been using the Co:Z Toolkit for a number of years and running SSHD on z/OS per the Toolkit's instructions.

Our Information Security group uses a Linux system to generate certificates. A process was put in place and tested successfully multiple times last year to:
  1. gen a cert
  2. scp the cert to z/OS
  3. sub a job to z/OS to then
    1. oget the cert to a MVS data set using binary
    2. add the cert to RACF
In the last few days we've begun using that process due to some new certificates being needed on z/OS. But the add to RACF is failing with:
  • IRRD104I The input data set does not contain a valid certificate.
If I have the cert file on Linux copied to a USB stick, place the USB stick in my PC, and then IND$FILE the cert up to a MVS data set, the add to RACF works fine. So I think I'm left with the possibility that either (a) the scp command or (b) the oget command is causing a problem. Any suggestion on how would I go about determining if scp is the culprit :( ? or oget :shock: ?
David

DClassic53
Posts: 35
Joined: Wed Feb 11, 2009 10:23 am

Re: RACF certificate propagation

Post by DClassic53 » Thu Mar 17, 2016 3:46 pm

I may have answered my own question. The Linux staff here is convinced that scp does binary transfers in their world. But according to the Ported Tools documentation (IBM Ported Tools for z/OS: OpenSSH V1.2.0 User's Guide):
  • By default, scp treats files as text. It assumes that all data going over the network is encoded in ASCII coded character set ISO 8859-1.
David

Post Reply