matrix0511

Is there a way to set up my AS400 session so that it automatically logs me on without having to type username/password?

I have to log in and out of AS400 sessions all the time and hate having to log in every time. Is there a way to set up some kind of automation where I don't have to enter username and password on green screen? Maybe a setup in Operations Navigator?

Anything would help.

Thanks!
ASKER CERTIFIED SOLUTION
Gary Patterson, CISSP
This solution is only available to members.
matrix0511

ASKER

Gary,

Running that command, will it change it for ALL users?

Is there any way to run it for just my login? I'm not sure management will want other users with the ability to cache their login info.

Let me know. Thanks!
Note that you also will need to have your connection set to enable "bypass signon".

Technically, everyone probably ought to be set up to bypass signon. The telnet Signon screen is one of the biggest security holes in the system unless you're running over VPN or have otherwise encrypted sessions. The Signon screen was useful in the days of direct-attach terminals. In telnet environments, it's trouble waiting to happen.

Tom
So Tom, tell me the best way to set this up for "bypass signon"? Can you send me the steps for the setup please? Thanks.
Guys, I just heard there are macros you can set up to auto login to green screen. They said to go to Edit, Preferences, Macro/Script. Is this true? If so, would that be a better option?
Well guys I just figured this all out without having to run that CHGSYSVAL command or bypass setting.

I followed the steps below using recorded macros:

When you are at the signon screen, click on the start macro, go through the steps of signing on the green screen. Once you have signed on, click on stop macro. Then you can go to Edit, Preferences, Macro/Script, select the Macro you created and click on OK. Each time you sign on to the green screen it will automatically put in the user name and password.

That works beautifully! When I open my session it automatically logs in and enters all the way to where I want to be. Awesome.
Hi matrix0511,

Record a macro with a name, e.g. login.mac, with settings:

Record format = Macro File
Record User Wait Time = None

Enter your user-id + (field exit)
Enter your password + (field exit) + (Enter)

Stop recording

Go to Edit, Preferences, Macro/Script.
Select the just created macro e.g. login.mac.

Save the session with file save.

That's all!

Good luck
The information Gary gave can be beneficial in the future.
Macros can be a good option for repeated operations like this, but I don't recommend using macros in this particular fashion (unless, perhaps, you work from home and have a secure PC where nobody can access your file system remotely).

The biggest problem with recording a macro like this is that your password is stored in plaintext in the macro file, which makes it possible for anyone that can gain access to the macro file to discover your password. Storing passwords in plaintext like this violates security standards in many environments, and even if your organization doesn't have a specific policy, it is just a bad security practice in general.

It is even worse if your profile is highly-privileged, as it may make you a specific candidate for password-discovery attempts.

Any user that is familiar with client access macros will immediately recognize what you are doing and likely realize that your password is stored in the macro file if they see you log in in this fashion.

As Tom points out, using the TN5250 logon screen (in the default non-SSL environment) presents another plaintext password exposure.

To avoid this vulnerability, implement SSL for all TN5250 connections. This ensures that all conversations between the AS/400 and the client PC are encrypted, and that passwords are never sent in plaintext.

Unless you've done a lot of network security work, it may seem incredible that one of your users might have the knowledge to monitor network traffic, but in the course of doing network security audits over the years, I've caught several end users (and even more network admin staffers) snooping on user network traffic and capturing user IDs and passwords using tools like dedicated password sniffers, general purpose sniffers, and packet capture software.

For convenience, consider allowing users to bypass TN5250 signon, as long as good workstation-locking procedures are enforced in your environment.

http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzaiw/rzaiwscenariossl.htm

- Gary Patterson
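
The plaintext-password exposure described above can be audited for on a workstation or file share. The following is an added example, not part of the original thread or of any IBM tool: it sweeps a directory for recorded macro files whose keystrokes look like a user-id and password sign-on, and reports only line numbers and lengths. The macro-file layout it parses (typed text on lines starting with a double quote, key presses as bracketed tokens such as `[enter]`) and the function names are assumptions; confirm the layout against a macro recorded on your own emulator.

```python
import re
from pathlib import Path

# ASSUMED macro-file layout (confirm against a macro recorded on your emulator):
#   "text     a line starting with a double quote is literal typed input
#   [enter]   a bracketed token is a key press
LITERAL = re.compile(r'^\s*"(.+?)"?\s*$')
KEY = re.compile(r'^\s*\[([^\]]+)\]\s*$')


def find_signon_literals(text):
    """Return [(line_no, length)] when two or more typed strings precede the
    first [enter], the shape of a recorded user-id + password sign-on.
    Only lengths are returned so the report never repeats the secret."""
    literals = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        typed = LITERAL.match(line)
        if typed:
            literals.append((line_no, len(typed.group(1))))
            continue
        key = KEY.match(line)
        if key and key.group(1).strip().lower() == "enter":
            return literals if len(literals) >= 2 else []
    return []  # no [enter] recorded: nothing was submitted


def audit_macros(root, pattern="*.mac"):
    """Map each macro file under root to its suspected credential lines."""
    findings = {}
    for path in sorted(Path(root).rglob(pattern)):
        try:
            hits = find_signon_literals(path.read_text(errors="replace"))
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        if hits:
            findings[str(path)] = hits
    return findings


# Constructed sample mirroring the steps in the thread (values are made up).
SAMPLE = "\n".join(['[wait app]', '"EXAMPLEUSR', '[field exit]',
                    '"not-a-real-pw', '[field exit]', '[enter]'])

if __name__ == "__main__":
    for line_no, length in find_signon_literals(SAMPLE):
        print(f"line {line_no}: typed literal of {length} characters")
```

Files it flags are candidates for deletion and a password change, with the user moved to bypass signon over an SSL-protected TN5250 session as recommended above.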