Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2170
  • Last Modified:

Is there a way to Setup my AS400 Session so that I automatically logs me on without having to type username/password?

I have to login and out of AS400 sessions all the time and hate having to login everytime. Is there a way to setup some kind of automation where I dont' have to enter username and password on green screen? Maybe a setup in Operations Navagator?

Anything would help.

Thanks!
8-26-2010-10-33-59-AM.jpg
0
matrix0511
Asked:
matrix0511
1 Solution
 
Gary PattersonVP Technology / Senior Consultant Commented:
CHGSYSVAL QRMTSIGN *VERIFY

Changing this system value allows remote users to sign on using cached credentials.  Client Access caches signon credentials when a user first makes a Client Access connection.  If QRMTSIGN is *VERIFY, then signon using these cached credentials is allowed.

- Gary patterson
0
 
matrix0511Author Commented:
Gary,

running that command, will it change it for ALL users?

is there anyway to run it for just my login?? I'm not sure management will want other users with ablility to cache there login info.

let me know. THanks!
0
 
tliottaCommented:
Note that you also will need to have your connection set to enable "bypass signon".

Technically, everyone probably ought to be set up to bypass signon. The telnet Signon screen is one of the biggest security holes in the system unless you're running over VPN or have otherwise encrypted sessions. The Signon screen was useful in the days of direct-attach terminals. In telnet environments, it's trouble waiting to happen.

Tom
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
matrix0511Author Commented:
So Tom, tell me the best way to set this up for "bypass signon"? Can you send me the steps for the setup please? Thanks.
0
 
matrix0511Author Commented:
Guys I just heard there are Macros you can setup to auto login to green screen. They said to go to: go to Edit, Preferences, Macro/Script.  Is this true? If so, would that be a better option?
0
 
matrix0511Author Commented:
Well guys I just figured this all out without having to run that CHGSYSVAL command or bypass setting.

I followed the steps below using recorded macros:

When you are at the signon screen, click on the start macro, go through the steps of signing on the green screen. Once you have signed on, click on stop macro. Then you can go to Edit, Preferences, Macro/Script, select the Macro you created and click on OK. Each time you sign on to the green screen it will automatically put in the user name and password.

That works beautifully! Whenn I open my session it automatically logins and enters all the way to where I want to me. awesome.
0
 
MurpheyApplication ConsultantCommented:
Hi matrix0511,

Record a macro with the name e.g. login.mac with settings:

Record format = Macro File
Record User Wait  Time = None

Enter your user-id + (field exit)
Enter your password + (field exit) + (Enter)

Stop recording

go to Edit, Preferences, Macro/Script.
Select the just created macro e.g. login.mac.

Save the session with file save.

Thats-all!

Good luck
0
 
matrix0511Author Commented:
The information Gary gave can be beneficial in the future.
0
 
Gary PattersonVP Technology / Senior Consultant Commented:
Macros can be a good option for repeated operations like this, but I don't recommend using macros in this particular fashion (unless, perhaps you work from home and have a secure PC where nobody can access your file system remotely).

The biggest problem with recording a macro like this is that your password is stored in plaintext in the macro file, which makes it possible for anyone that can gain access to the macro file to discover your password.  Storing passwords in plaintext like this violates security standards in many environments, and even if your organization doesn't have a specific policy, it is just a bad security practice in general.  

It is even worse if your profile is highly-privileged, as it may make you a specific candidate for password-discovery attempts.

Any user that is familiar with client access macros will immediately recognize what you are doing and likely realize that your password is stored in the macro file if they see you log in in this fashion.

As Tom points out, using the TN5250 logon screen (in the default non-SSL environment) presents another plaintext password exposure.

To avoind this vulnerability, implement SSL for all TN5250 connections.  This ensures that all conversations between the AS/400 and the client PC are encrypted, and that passwords are never sent in plaintext.  

Unless you've done a lot of network security work, it may seem incredible that one of your users might have the knowledge to monitor network traffic, but in the course of doing network security audits over the years, I've caught several end users (and even more network admin staffers) snooping on user network traffic and capturing user IDs and passwords using tools like dedicated password sniffers, general purpose sniffers,  and packet capture software.

For convenience, consider allowing users to bypass TN5250 signon, as long as good workstation-locking procedures are enforced in your environment.

http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzaiw/rzaiwscenariossl.htm

- Gary Patterson

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now