Creating an encrypted password file for the System z Jazz Gateway

The System z® Jazz™ Gateway can accept a password in cleartext or a password that has been encrypted and stored in a file. In order to use an encrypted password, run a JCL job to create the file that will contain the password. The executable files that invoke the REXX client must pass a literal of <file> in the password parameter instead of passing the cleartext password itself.

The password file must be named GatewayPass and it must be in the user's home directory.

Important: Because user exits are invoked by SCLM, there is only one copy of the user exits. Individual users do not have their own user exits. If you use a cleartext password, all queries to the System z Jazz Gateway will use the same user ID and password. If you use a literal <file> for the password parameter instead of a cleartext password, the REXX client will retrieve an encrypted password file from the user's home directory. Using encrypted password files ensures that individual users have the authority to access the Jazz repository before the query is allowed to run.

To create an encrypted System z Jazz Gateway password file:

  1. Configure the sample JCL member BLZGPASS in hlq.SBLZSAMP.
  2. Set your ASCII and EBCDIC code pages. The password must be encrypted in ASCII, but in the JCL is in EBCDIC. Therefore, the password must be converted to ASCII prior to being encrypted. By default the code pages are set to ISO8859-1 for ASCII and IBM-1047 for EBCDIC.
  3. Submit the modified JCL and check the job log. The following message must be in the STDOUT: Password stored in file: "/u/youruser/GatewayPass" where /u/youruser is the directory where you created the password file. This should either be your home directory or you must copy the password file to your home directory after the job is finished.
    Note: The password has to be encoded using the same code page that the server requires. By default, the server will have been started with the -Dfile.encoding=ISO8859-1 option. The job that creates the password must use the same code page as the server in the –Dfile.encoding option.

Feedback