MIDRANGE dot COM Mailing List Archive




Re: Trusted AS/400s


  • Subject: Re: Trusted AS/400s
  • From: John Earl <johnearl@xxxxxxxxxxx>
  • Date: Fri, 18 Jun 1999 13:34:30 -0700
  • Organization: PowerTech Toolworks & The 400 School


Robert,

You can do this over SNA using the LOCPWD parameter on the device descriptions.

Basically, when you create the device descriptions on both ends you store the
same 8 character password in both DEVD's.  Then when the two devices initially
connect they exchange encrypted passwords (40 bit DES encryption, but it's enough
for most business environments) in order to verify that it truly is the other
machine that they are talking to.

Next, evaluate the source machine and make sure it is secure enough that users
cannot assume another's identity and/or there isn't a lot of *ALLOBJ authority
dispersed.

When your local machine is confident that:
    A)    The remote machine is really who it says it is.
    B)    The remote machine's security is adequate enough that you trust it
          to authenticate user SMITH.

You can configure passthrough to bypass the signon screen requirement with
little worry.

jte

robert.lilley@springs.com wrote:

> Using the WRKCFGL command, it is my understanding that you can create
> a trusted, or secure, connection between two AS/400s.  I do not know
> all the reasons one may do this, but one is to allow passthru sessions
> without requiring a logon to the remote AS/400.  For example, if I log
> on to AS/400 ABC with user SMITH, then I can automatically logon as
> user SMITH to the remote AS/400 XYZ.
>
> Does anyone see security risks here?
>
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: david@midrange.com
> +---



--
John Earl                                              johnearl@toolnet.com
PowerTech Toolworks                         206-575-0711
PowerLock Network Security              www.400security.com
The 400 School                                    www.400school.com
--









This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact