In addition to the description of the FTAC-SUPPORT operand of the SET-FTP-TELNET-PARAMETERS command (see "Installing FTP and TELNET via SDF command"/"Configuration of FTP using the SET-FTP-TELNET-PARAMETERS installation command"), this section provides further information to note when using FTAC functionality:
In order to access the FTAC functionality, you will need to use openFT for BS2000.
Once FTAC functionality is activated, FTP access to the TSOS ID via an interactive logon is no longer possible, because FTAC transfer admission provides an alternative means of access in this case (but see the -allowTsosLogin option under "-allowTsosLogin").
To protect the TSOS password from being illegally intercepted, entering a wrong LOGON password for the TSOS ID (when FTAC functionality is disabled) is penalized with a time delay that increases with each further invalid attempt. Following each invalid password attempt, the connection request is rejected after about five seconds. A LOGON attempt can only succeed once this time penalty has elapsed, regardless of whether or not the correct password was specified in the meantime. The duration of the time penalty remains invisible to potential "intruders".
If the FTAC check has been enabled, even the FTAC administrator and the owners of the user IDs involved in an FTP transfer will need to take some actions (e.g. adapt the admission sets), since FTP access could otherwise be locked for many or all user IDs.
It is therefore important to define an appropriate migration strategy in advance:
One option is to select the FTAC check at level 1, i.e. access via an interactive logon is, as before, not verified by FTAC, but access can additionally be controlled via FTAC transfer admissions.
A further (or additional) option would be, for example, to install two servers in parallel during a transitional phase, one with the standard port number 21 and one with some other port number (see the section “Setting up further FTP server tasks”). In this case, only one server performs the full FTAC check (level 2).
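The time penalty for wrong TSOS LOGON passwords described above can be modelled as follows. This is an added illustration, not code from the FTP server or openFT. The class and parameter names, the doubling schedule, the upper limit and the rule that attempts made during a running penalty leave it unchanged are assumptions, since the text only states that the delay increases and that rejections arrive after about five seconds.

```python
import hmac

REJECT_AFTER = 5.0  # page: a rejection is reported after about five seconds


class LogonThrottle:
    """Model of the wrong-password time penalty (growth schedule assumed)."""

    def __init__(self, password, base=5.0, factor=2.0, limit=3600.0):
        self._password = password.encode()
        self.base, self.factor, self.limit = base, factor, limit
        self.failures = 0
        self.locked_until = 0.0

    def attempt(self, candidate, now):
        """Return (accepted, seconds_until_reply) for a LOGON at time `now`."""
        ok = hmac.compare_digest(candidate.encode(), self._password)
        if now < self.locked_until:
            # Penalty still running: even the correct password is rejected,
            # and the reply is identical to any other rejection, so the
            # remaining penalty cannot be measured from outside.
            return (False, REJECT_AFTER)
        if ok:
            self.failures = 0
            return (True, 0.0)
        self.failures += 1
        # Assumed schedule: 5 s, 10 s, 20 s, ... capped at `limit`.
        penalty = min(self.base * self.factor ** (self.failures - 1), self.limit)
        self.locked_until = now + penalty
        return (False, REJECT_AFTER)


def demo():
    """Replay a constructed sequence of (time, password) attempts."""
    throttle = LogonThrottle("correct-pw")  # constructed sample password
    attempts = [(0, "guess1"), (3, "correct-pw"), (6, "guess2"),
                (10, "correct-pw"), (17, "correct-pw")]
    return [(now, *throttle.attempt(pw, now)) for now, pw in attempts]


if __name__ == "__main__":
    for now, accepted, delay in demo():
        print(f"t={now:>2}s accepted={accepted} reply_after={delay}s")
```

In the replayed sequence the correct password is rejected at t=3 and t=10 because a penalty is still running, and those rejections look the same as the ones for wrong guesses.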