× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 1999

Re: Trusted AS/400s

  • Subject: Re: Trusted AS/400s
  • From: John Earl <johnearl@xxxxxxxxxxx>
  • Date: Fri, 18 Jun 1999 13:34:30 -0700
  • Organization: PowerTech Toolworks & The 400 School
 
Robert,

You can do this over SNA using the LOCPWD parameter on the device descriptions.

Basically, when you create the device desccriptions on both ends you store the
same  8 character password in both DEVD's.  Then when the two devices initially
connect they exchange encrypted passwords (40 bit DES encryption, but it's 
enough
for most business envirnments) in order to verify that it truly is the other
machine that they are talking to.

Next evaluate the source machine and make sure it is secure enough that users 
can
not assume another's identity and/or their isn't a lot of *ALLOBJ authority
dispersed.

When your local machine is confident that:
    A)    The remote machine is really who it says it is.
    B)    The remote machine's security is adequate enough that you trust it to
authenticate user SMITH.

You can configure passthrough to bypass the signon screen requirement with 
little
worry.

jte

robert.lilley@springs.com wrote:

> Using the WRKCFGL command, it is my understanding that you can create
> a trusted, or secure, connection between two AS/400s.  I do not know
> all the reasons one may do this, but one is to allow passthru sessions
> without requiring a logon to the remote AS/400.  For example, if I log
> on to AS/400 ABC with user SMITH, then I can automatically logon as
> user SMITH to the remote AS/400 XYZ.
>
> Does anyone see security risks here?
>
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: david@midrange.com
> +---



--
John Earl                                              johnearl@toolnet.com
PowerTech Toolworks                         206-575-0711
PowerLock Network Security              www.400security.com
The 400 School                                    www.400school.com
--


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.