Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

iSeries Access for Windows - 2 phase authentication

Posted on 2010-09-15
7
Medium Priority
?
828 Views
Last Modified: 2012-06-27
I'm using the iSeries Access for Windows for connection my AS400 machine.
I wanted to know - since the emulator is configured (on the Signon info) to "prompt always", I'm asked for a password first time via the iSeries (some messagebox...) and when getting to the AS400 machine, I get the the login page mode.
so... what is the purpose of the fist authentication? on wc3270 I don't need this authentication phase but I want to know if I miss something.
tx,
s
0
Comment
Question by:Cyber-EE
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 35

Expert Comment

by:Gary Patterson
ID: 33682600
The iSeries Access prompts for a password on the initial connection to the AS/400, and it caches this connection information.  

If the system is configured to allow users to "bypass logon", and the user's emulator session is similarly configured, then users can be automatically logged on without seeing a green-screen logon screen.

This cached logon information is also used for other purposes, including NetServer access, Navigator access, etc.

Other emulation products don't perform this initial authentication - it is unique to iSeries Access.

- Gary Patterson
0
 
LVL 27

Expert Comment

by:tliotta
ID: 33687211
Although the "initial authorization" might not be done, bypassing the "login page" is done by other emulators. The open source TN5250 project will 'bypass signon' if you configure the connection to do so.

The IBM intended purpose of 'bypass signon' is to avoid sending the password in clear-text through the "login page" which, after all, is just a normal display file. The password is instead sent in an encrypted/encoded form to the telnet server. The rise in popularity of ssl or VPN connections has somewhat reduced that issue.

The iSeries Access connection can be configured to 'bypass signon'. However, some sites still force entry through the "login page" which effectively cancels the setting from the PC.

Tom
0
 

Author Comment

by:Cyber-EE
ID: 33689043
Hi Gary,
Tx for the good answer.
can you pls give me some more details for how to do what you mentioned:
"If the system is configured to allow users to "bypass logon", and the user's emulator session is similarly configured..."
1. how do i configure the system to allow bypass logon? I'm using the iSeries navigator...
2. how do i allow bypass from the emulator? can I do it from the "Configure PC5250" dialog (when I'm creating new session?) - just check the "bypass signon"?

tx a lot,
s
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 35

Accepted Solution

by:
Gary Patterson earned 2000 total points
ID: 33690377
Set the Qrmtsign system value to *verify and tick the "bypass signon" button on the emilation session.

Many shops prohibit this practice, since accss to an unlocked workstation allows a user access to the as400 without the need for a user I'd or password.  Use with caution.

http://www.itjungle.com/tfh/tfh081803-story04.html

Gary Patterson
0
 

Author Comment

by:Cyber-EE
ID: 33691496
since I'm not familier with the AS400 at all - I just need to know how to set the Qrmtsign system value to *verify.
tx,
s
0
 

Author Comment

by:Cyber-EE
ID: 33691603
I found the way to do it...
to whom it may concern:
1. logon to the AS400
2. write the following command: WRKSYSVAL
3. if you have the permissions you will see the system vals...
=> select "QRMTSIGN" and change its value to *VERIFY


see http://www.sans.org/reading_room/whitepapers/basics/as-400-iseries-comprehensive-guide-setting-system-values-common-practice-securi_425
0
 

Author Closing Comment

by:Cyber-EE
ID: 33691643
see the last commnet I added - since I know nothing about as400 I only missed how to change system values
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello I read in a discussion about a person who configured a very simple mirror RAID with two hard drives; the system and data were on the same partition. He asked how to repair the system as it was not booting up anymore. In his case running …
Windows 10 is here and for most admins this means frustration and challenges getting that first working Windows 10 image. As in my previous sysprep articles, I've put together a simple help guide to get you through this process. The aim is to achiev…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question