Solved

Is there a way to Setup my AS400 Session so that I automatically logs me on without having to type username/password?

Posted on 2010-08-26
9
1,616 Views
Last Modified: 2013-12-06
I have to login and out of AS400 sessions all the time and hate having to login everytime. Is there a way to setup some kind of automation where I dont' have to enter username and password on green screen? Maybe a setup in Operations Navagator?

Anything would help.

Thanks!
8-26-2010-10-33-59-AM.jpg
0
Comment
Question by:matrix0511
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 35

Accepted Solution

by:
Gary Patterson earned 500 total points
ID: 33536014
CHGSYSVAL QRMTSIGN *VERIFY

Changing this system value allows remote users to sign on using cached credentials.  Client Access caches signon credentials when a user first makes a Client Access connection.  If QRMTSIGN is *VERIFY, then signon using these cached credentials is allowed.

- Gary patterson
0
 

Author Comment

by:matrix0511
ID: 33536331
Gary,

running that command, will it change it for ALL users?

is there anyway to run it for just my login?? I'm not sure management will want other users with ablility to cache there login info.

let me know. THanks!
0
 
LVL 27

Expert Comment

by:tliotta
ID: 33537461
Note that you also will need to have your connection set to enable "bypass signon".

Technically, everyone probably ought to be set up to bypass signon. The telnet Signon screen is one of the biggest security holes in the system unless you're running over VPN or have otherwise encrypted sessions. The Signon screen was useful in the days of direct-attach terminals. In telnet environments, it's trouble waiting to happen.

Tom
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:matrix0511
ID: 33538593
So Tom, tell me the best way to set this up for "bypass signon"? Can you send me the steps for the setup please? Thanks.
0
 

Author Comment

by:matrix0511
ID: 33538596
Guys I just heard there are Macros you can setup to auto login to green screen. They said to go to: go to Edit, Preferences, Macro/Script.  Is this true? If so, would that be a better option?
0
 

Author Comment

by:matrix0511
ID: 33538615
Well guys I just figured this all out without having to run that CHGSYSVAL command or bypass setting.

I followed the steps below using recorded macros:

When you are at the signon screen, click on the start macro, go through the steps of signing on the green screen. Once you have signed on, click on stop macro. Then you can go to Edit, Preferences, Macro/Script, select the Macro you created and click on OK. Each time you sign on to the green screen it will automatically put in the user name and password.

That works beautifully! Whenn I open my session it automatically logins and enters all the way to where I want to me. awesome.
0
 
LVL 16

Expert Comment

by:theo kouwenhoven
ID: 33539758
Hi matrix0511,

Record a macro with the name e.g. login.mac with settings:

Record format = Macro File
Record User Wait  Time = None

Enter your user-id + (field exit)
Enter your password + (field exit) + (Enter)

Stop recording

go to Edit, Preferences, Macro/Script.
Select the just created macro e.g. login.mac.

Save the session with file save.

Thats-all!

Good luck
0
 

Author Closing Comment

by:matrix0511
ID: 33540874
The information Gary gave can be beneficial in the future.
0
 
LVL 35

Expert Comment

by:Gary Patterson
ID: 33550060
Macros can be a good option for repeated operations like this, but I don't recommend using macros in this particular fashion (unless, perhaps you work from home and have a secure PC where nobody can access your file system remotely).

The biggest problem with recording a macro like this is that your password is stored in plaintext in the macro file, which makes it possible for anyone that can gain access to the macro file to discover your password.  Storing passwords in plaintext like this violates security standards in many environments, and even if your organization doesn't have a specific policy, it is just a bad security practice in general.  

It is even worse if your profile is highly-privileged, as it may make you a specific candidate for password-discovery attempts.

Any user that is familiar with client access macros will immediately recognize what you are doing and likely realize that your password is stored in the macro file if they see you log in in this fashion.

As Tom points out, using the TN5250 logon screen (in the default non-SSL environment) presents another plaintext password exposure.

To avoind this vulnerability, implement SSL for all TN5250 connections.  This ensures that all conversations between the AS/400 and the client PC are encrypted, and that passwords are never sent in plaintext.  

Unless you've done a lot of network security work, it may seem incredible that one of your users might have the knowledge to monitor network traffic, but in the course of doing network security audits over the years, I've caught several end users (and even more network admin staffers) snooping on user network traffic and capturing user IDs and passwords using tools like dedicated password sniffers, general purpose sniffers,  and packet capture software.

For convenience, consider allowing users to bypass TN5250 signon, as long as good workstation-locking procedures are enforced in your environment.

http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzaiw/rzaiwscenariossl.htm

- Gary Patterson

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Windows 7 does not have the best desktop search built in. This is something Windows 7 users have struggled with. You type something in, and your search results don’t always match what you are looking for, or it doesn’t actually work at all. There ar…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question