Solved

iSeries Access for Windows - 2 phase authentication

Posted on 2010-09-15
7
824 Views
Last Modified: 2012-06-27
I'm using the iSeries Access for Windows for connection my AS400 machine.
I wanted to know - since the emulator is configured (on the Signon info) to "prompt always", I'm asked for a password first time via the iSeries (some messagebox...) and when getting to the AS400 machine, I get the the login page mode.
so... what is the purpose of the fist authentication? on wc3270 I don't need this authentication phase but I want to know if I miss something.
tx,
s
0
Comment
Question by:Cyber-EE
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 35

Expert Comment

by:Gary Patterson
ID: 33682600
The iSeries Access prompts for a password on the initial connection to the AS/400, and it caches this connection information.  

If the system is configured to allow users to "bypass logon", and the user's emulator session is similarly configured, then users can be automatically logged on without seeing a green-screen logon screen.

This cached logon information is also used for other purposes, including NetServer access, Navigator access, etc.

Other emulation products don't perform this initial authentication - it is unique to iSeries Access.

- Gary Patterson
0
 
LVL 27

Expert Comment

by:tliotta
ID: 33687211
Although the "initial authorization" might not be done, bypassing the "login page" is done by other emulators. The open source TN5250 project will 'bypass signon' if you configure the connection to do so.

The IBM intended purpose of 'bypass signon' is to avoid sending the password in clear-text through the "login page" which, after all, is just a normal display file. The password is instead sent in an encrypted/encoded form to the telnet server. The rise in popularity of ssl or VPN connections has somewhat reduced that issue.

The iSeries Access connection can be configured to 'bypass signon'. However, some sites still force entry through the "login page" which effectively cancels the setting from the PC.

Tom
0
 

Author Comment

by:Cyber-EE
ID: 33689043
Hi Gary,
Tx for the good answer.
can you pls give me some more details for how to do what you mentioned:
"If the system is configured to allow users to "bypass logon", and the user's emulator session is similarly configured..."
1. how do i configure the system to allow bypass logon? I'm using the iSeries navigator...
2. how do i allow bypass from the emulator? can I do it from the "Configure PC5250" dialog (when I'm creating new session?) - just check the "bypass signon"?

tx a lot,
s
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 35

Accepted Solution

by:
Gary Patterson earned 500 total points
ID: 33690377
Set the Qrmtsign system value to *verify and tick the "bypass signon" button on the emilation session.

Many shops prohibit this practice, since accss to an unlocked workstation allows a user access to the as400 without the need for a user I'd or password.  Use with caution.

http://www.itjungle.com/tfh/tfh081803-story04.html

Gary Patterson
0
 

Author Comment

by:Cyber-EE
ID: 33691496
since I'm not familier with the AS400 at all - I just need to know how to set the Qrmtsign system value to *verify.
tx,
s
0
 

Author Comment

by:Cyber-EE
ID: 33691603
I found the way to do it...
to whom it may concern:
1. logon to the AS400
2. write the following command: WRKSYSVAL
3. if you have the permissions you will see the system vals...
=> select "QRMTSIGN" and change its value to *VERIFY


see http://www.sans.org/reading_room/whitepapers/basics/as-400-iseries-comprehensive-guide-setting-system-values-common-practice-securi_425
0
 

Author Closing Comment

by:Cyber-EE
ID: 33691643
see the last commnet I added - since I know nothing about as400 I only missed how to change system values
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just about everyone has an old PC laying around.  Ask anyone in the IT industry, whether they are a professional or play in it as a hobby.  From outdated Desktops to cheap "throwaway" laptops, they are all around and not as hard to "fix up" as you m…
Windows 10 is here and for most admins this means frustration and challenges getting that first working Windows 10 image. As in my previous sysprep articles, I've put together a simple help guide to get you through this process. The aim is to achiev…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question