Robert,

You can do this over SNA using the LOCPWD parameter on the device descriptions. Basically, when you create the device descriptions on both ends you store the same 8 character password in both DEVD's. Then when the two devices initially connect they exchange encrypted passwords (40 bit DES encryption, but it's enough for most business environments) in order to verify that it truly is the other machine that they are talking to.

Next evaluate the source machine and make sure it is secure enough that users cannot assume another's identity and/or there isn't a lot of *ALLOBJ authority dispersed.

When your local machine is confident that:

A) The remote machine is really who it says it is.
B) The remote machine's security is adequate enough that you trust it to authenticate user SMITH.

You can configure passthrough to bypass the signon screen requirement with little worry.

jte

robert.lilley@springs.com wrote:

> Using the WRKCFGL command, it is my understanding that you can create
> a trusted, or secure, connection between two AS/400s. I do not know
> all the reasons one may do this, but one is to allow passthru sessions
> without requiring a logon to the remote AS/400. For example, if I log
> on to AS/400 ABC with user SMITH, then I can automatically logon as
> user SMITH to the remote AS/400 XYZ.
>
> Does anyone see security risks here?
>
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: david@midrange.com
> +---

--
John Earl    johnearl@toolnet.com
PowerTech Toolworks    206-575-0711
PowerLock Network Security    www.400security.com
The 400 School    www.400school.com
--
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].