Solved

iSeries Access for Windows - 2 phase authentication

Posted on 2010-09-15
Last Modified: 2012-06-27
I'm using the iSeries Access for Windows for connecting to my AS400 machine.
I wanted to know - since the emulator is configured (on the Signon info) to "prompt always", I'm asked for a password the first time via the iSeries (some messagebox...) and when getting to the AS400 machine, I get the login page mode.
So... what is the purpose of the first authentication? On wc3270 I don't need this authentication phase but I want to know if I miss something.
tx,
s
Question by:Cyber-EE

Expert Comment

by:Gary Patterson
ID: 33682600
The iSeries Access prompts for a password on the initial connection to the AS/400, and it caches this connection information.  

If the system is configured to allow users to "bypass logon", and the user's emulator session is similarly configured, then users can be automatically logged on without seeing a green-screen logon screen.

This cached logon information is also used for other purposes, including NetServer access, Navigator access, etc.

Other emulation products don't perform this initial authentication - it is unique to iSeries Access.

- Gary Patterson

Expert Comment

by:tliotta
ID: 33687211
Although the "initial authorization" might not be done, bypassing the "login page" is done by other emulators. The open source TN5250 project will 'bypass signon' if you configure the connection to do so.

The IBM intended purpose of 'bypass signon' is to avoid sending the password in clear-text through the "login page" which, after all, is just a normal display file. The password is instead sent in an encrypted/encoded form to the telnet server. The rise in popularity of ssl or VPN connections has somewhat reduced that issue.

The iSeries Access connection can be configured to 'bypass signon'. However, some sites still force entry through the "login page" which effectively cancels the setting from the PC.

Tom

Author Comment

by:Cyber-EE
ID: 33689043
Hi Gary,
Tx for the good answer.
Can you pls give me some more details on how to do what you mentioned:
"If the system is configured to allow users to "bypass logon", and the user's emulator session is similarly configured..."
1. How do I configure the system to allow bypass logon? I'm using the iSeries Navigator...
2. How do I allow bypass from the emulator? Can I do it from the "Configure PC5250" dialog (when I'm creating a new session?) - just check the "bypass signon"?

tx a lot,
s

Accepted Solution

by:
Gary Patterson earned 500 total points
ID: 33690377
Set the Qrmtsign system value to *verify and tick the "bypass signon" button on the emulation session.

Many shops prohibit this practice, since access to an unlocked workstation allows a user access to the AS400 without the need for a user ID or password.  Use with caution.

http://www.itjungle.com/tfh/tfh081803-story04.html

Gary Patterson

Author Comment

by:Cyber-EE
ID: 33691496
Since I'm not familiar with the AS400 at all - I just need to know how to set the Qrmtsign system value to *verify.
tx,
s

Author Comment

by:Cyber-EE
ID: 33691603
I found the way to do it...
to whom it may concern:
1. logon to the AS400
2. write the following command: WRKSYSVAL
3. if you have the permissions you will see the system vals...
=> select "QRMTSIGN" and change its value to *VERIFY


see http://www.sans.org/reading_room/whitepapers/basics/as-400-iseries-comprehensive-guide-setting-system-values-common-practice-securi_425

Author Closing Comment

by:Cyber-EE
ID: 33691643
See the last comment I added - since I know nothing about AS400 I only missed how to change system values
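
The WRKSYSVAL steps from the thread, written as CL commands, followed by a check for shops that prohibit bypass sign-on. This is an added example, not part of any post above; the program name CHKRMTSIGN and the message text are assumptions.

```cl
/* Added example, not from the thread.                                */
/* Command-line equivalent of the WRKSYSVAL steps: display the        */
/* current value, then change it.                                     */
DSPSYSVAL SYSVAL(QRMTSIGN)
CHGSYSVAL SYSVAL(QRMTSIGN) VALUE('*VERIFY')

/* CL program source (hypothetical name CHKRMTSIGN) for a site that   */
/* requires every remote session to pass the sign-on display.         */
/* *FRCSIGNON forces normal sign-on and *REJECT refuses remote        */
/* sign-on; any other value (*SAMEPRF, *VERIFY, or a program name)    */
/* means the sign-on display is not forced, so it is reported.        */
PGM
  DCL VAR(&RMTSIGN) TYPE(*CHAR) LEN(20)

  /* QRMTSIGN is returned as a 20-character value */
  RTVSYSVAL SYSVAL(QRMTSIGN) RTNVAR(&RMTSIGN)

  IF COND((&RMTSIGN *NE '*FRCSIGNON') *AND +
          (&RMTSIGN *NE '*REJECT')) THEN(DO)
    SNDPGMMSG MSG('QRMTSIGN is' *BCAT &RMTSIGN *BCAT +
                  '- remote sessions are not forced through +
                  the sign-on display')
  ENDDO
ENDPGM
```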