Richard Peurifoy Re: FTPS rc = 406 (Error while reading o... You can read more about virtual keyrings in Chapter 5 of this book online: http://www.redbooks.ibm.com/redbooks/SG247248/wwhelp/wwhimpl/java/html/wwhelp.htm I think virtual keyrings are pretty cool once you figure out how to use them. 3. Profiles in the RDATALIB class have the form
Finley, Frank Re: FTPS rc = 406 (Error while reading or wr... You don't have to create this keyring (it's virtual). I know it works on the ldapsearch command but haven't tried it with FTP yet. Any user who has READ access to FACILITY class profile IRR.DIGTCERT.LISTRING has the authority to use this virtual keyring. visit
I suggest you open a PMR and get some help from the Comm Server folks. The last time I got one of these, it turned out to be the server was sending an FTP error message in the middle of the SSL negotiation. Windows clients aren't having any issues connecting to their server.
SC3360 smf_stat_session: entered GU4167 checkSpec: entered with 04 (0,3) CU1598 subtype_102: entered CU1701 build_security_section: entered SC3689 getLastReply: entered PC0907 setClientRC: entered SC3689 getLastReply: entered PC0977 setClientRC: std_rc=26530, rc_type=STD, rc=26530 >>>>>>>>>>LOOK EZA1735I ibm ! Sorry I don't have much experience with that. Eza1735i Std Return Code = 10000, Error Code = 00008 The KEYRING statement is described here: http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/F1A1B471/2.12.68?SHELF=EZ2Z \ O10K&DT=20080122114206 Regards, Mike Steven Wake
Unfortunately in these cases, you need to run a packet and/or GSK trace. Eza1735i Std Return Code = 10220, Error Code = 00017 This is outside a firewall, but ports have been open between our two locations. Also, keyring names are case sensitive, so that could be it as well. I believe there was a fix for the FTP server (part of the Comm Server) some time ago so that you could have it use only the keyring owned by the
So if you created a keyring for USER1 named RING1, as I mentioned in option 4 of my note, you must specify KEYRING USER1/RING1 when you configure the FTP client. Discover More CU1826 write_smfTable_record_119: entered with table index 0. Eza1735i Std Return Code = 10234, Error Code = 00017 COM> Date: 2008-12-18 18:07:27 Message-ID: OF04D68B79.7473DC53-ON85257523.006243AB-85257523.00635EA9 () us ! Eza1735i Std Return Code = 10234, Error Code = 00010 com [Download message RAW] Hi Steven, I think we're past the SSL handshake at this point and on to other issues with FTP configuration.
The KEYRING statement is also the place where you could specify *AUTH*/* if you wanted to try the virtual keyring I mentioned in option 1. http://juicecoms.com/return-code/vsam-catalog-return-code-is-8-reason-code-is-igg0cleg-42.html I'm thinking maybe that's the way it's still set. In order for all the clients to use the same keyring, you have to specify the KEYRING statement in the FTP client setup in the form userid/keyring name. This was easy to see in a packet trace. Eza2897i Authentication Negotiation Failed
Don't forget you have to RACLIST the RDATALIB class for it to work. FC0760 authServer: entered FC0767 authServer: secure_socket_open() SC3717 getFNDELAY: entered FC0834 authServer: secure_socket_init() FU0536 secureWrite: entered FU0436 secureRead: entered SC3752 setFNDELAY: entered FC0847 authServer: secure_socket_init failed with rc = 406 (Error while IBM ! Check This Out We are using RACF for the certificates and I have verified that the certificate chain is in place for the user.
I am having issues with an FTPS connection to a remote host. Eza1735i Std Return Code = 27550, Error Code = 00002 HesabımAramaHaritalarYouTubePlayHaberlerGmailDriveTakvimGoogle+ÇeviriFotoğraflarDaha fazlasıDokümanlarBloggerKişilerHangoutsGoogle'a ait daha da fazla uygulamaOturum açınGizli alanlarGrupları veya mesajları ara [prev in list] [next in list] [prev in thread] [next in thread] List: racf-l Subject: Re: Multi ID's on a single Key Ring From: Michael Kearney
Finley, Frank Re: FTPS rc = 406 (Error while reading or wr... IBM Z/OS 1.8 (our side) client connecting to a Unix FTPS server running proftpd. Hal Merritt Re: FTPS rc = 406 (Error while reading or writin... Eza1735i Std Return Code = 27553, Error Code = 00002 If you just specify KEYRING RING1, the FTP client will expect every user to have a keyring called RING1.
CZ1152 SETCEC code = 11 >>>>>>>>>>>>>>LOOK SC3817 setLoggedIn: entered CU2842 write_smf_record: entered with type -1. We're getting into FTP client setup here, I think. If you want to do it the old fashioned way, you have to give all of the users UPDATE access in FACILITY class profile IRR.DIGTCERT.LISTRING I don't recommend this way because this contact form Now you can give a user READ access to a specific keyring using profiles in the RDATALIB class.
More info here: http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/ICHZD180/2.26.4?SHELF=EZ2ZO \ 10K&DT=20070427233434 Regards, Mike [prev in list] [next in list] [prev in thread] [next in thread] Configure | About | News | Addalist | SponsoredbyKoreLogic The For other SSL problems, the GSK trace is probably better. -- Richard ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN Richard Peurifoy Reply via email to Search the site The Mail Archive home ibm-main - all messages ibm-main - about the list Expand Previous message Next message The Mail Archive home There's something new in z/OS 1.9 called a virtual keyring. *AUTH*/* is the name of the virtual keyring that includes all of the CERTAUTH certificates.
So that's one approach. With z/OS 1.9 there's more granular support for allowing a user to have READ access to an individual keyring owned by someone else, rather than option 3 above.