How to use an XCOM for Linux encrypted password on z/OS
search cancel

How to use an XCOM for Linux encrypted password on z/OS

book

Article ID: 271739

calendar_today

Updated On:

Products

XCOM Data Transport - z/OS XCOM Data Transport - Linux PC XCOM Data Transport - Windows

Issue/Introduction

Need guidance with coding/entering into the XCOM for z/OS SYSIN01 DD the encrypted password (hash) created by the XCOM for Linux XCOMENCR utility.
Currently, a transfer using the encrypted password fails while a transfer using the plain text password is successful. 

Findings:
- Encrypted password never works.
- Plain password always works.
- When using the encrypted password on the z/OS, there's a misleading network error and don't see any "XCOMU0287E Error setting remote user id" reported back. There are also no errors in the Linux xcom.log or any other error in files /var/log/secure or /var/log/messages.

Please provide the correct steps to be followed on the z/OS side to get the encrypted password to work.

Resolution

In the XCOM for z/OS SYSIN01, the encrypted PASSWORD parameter can have a maximum length of 70 bytes.
Therefore to use the Linux encrypted password on z/OS requires these steps to change it:
a. Remove any space characters.
b. Remove the trailing 00.
c. Change the encrypted password to use uppercase letters (CAPS).

For Example:
If the XCOMENCR on Linux generates:
PASSWORD.ENCRYPTED=5e 79 44 67 e4 e0 cc de c8 f6 9a 6e 63 9c 66 8d 72 8c 5b 79 65 7e 67 89 84 8d 57 7e 70 80 49 8a 80 9f 58 00 
Then this value needs to be used on z/OS:
PASSWORD=5E794467E4E0CCDEC8F69A6E639C668D728C5B79657E6789848D577E7080498A809F58

NOTE:  XCOM for z/OS does not use the ".ENCRYPTED" notation like LUW platforms to identify the encrypted value parameters.

Additional Information

1. Since XCOM for z/OS needs to distinguish between passphrases and encrypted passwords, both of which could be long, any contents of the PASSWORD field which reaches out to the 70th character is considered to be an encrypted password. If need to enter a plain text passphrase that is longer than 69 bytes, line continuation must be used where the plus sign and blank ("+ ") terminate the line. The passphrase can then continue on the next line, starting between columns 2 and 16 inclusive.
Examples:
a. Below is treated as plain text and reads both lines for value:
PASSWORD='I am a 100-byte length passphrase used in XCOM team testing. I am '+ 
  'not lengthy to remember for anyone'
b. Below is treated as an encrypted value:
PASSWORD=5E794467E4E0CCDEC8F69A6E639C668D728C5B79657E6789848D577E7080498A809F58

2. Linux/Unix USERIDs are case-sensitive. On z/OS the exact case of the USERID needs to be used as well as the CAPS OFF command to ensure the case is not changed automatically while saving the data set member.

3. XCOM™ Data Transport® for z/OS 12.0 > Using > The Batch Interface > SYSIN01 Parameters