Re: Electronic Signatures -- MIDRANGE-L

Actually, wouldn't his new title be "defendant"?

This could be abused one way, I guess, if someone with secofc authority
wanted to find out someone's password, although I couldn't figure out why.

They could have it start guessing passwords, and after every 4th attempt
change the status to *ENABLED.

There are lots of ways people can disable accounts, this is just one way of
doing it without getting your device varied off, if that is set in the system
values.

And, if you did this, and disabled the security officers password, after the
security officer had to re-ipl to enable his account (you can still log on as
sec ofr in a manual IPL even if your account is disabled) he would probably
get smart.  Hmm.. interesting though, I think I'm going to write a program to
do this to disable an account just to see what the QSYSMSG is for it.  I know
that normally it specifies what device disabled the profile, even if you don't
have it set to disable devices.

Regards,

Jim Langston

Bob Crothers wrote:

> Don,
>
> A list of users is easy...I'll even bet you already know how to do it.
>
> BTW, if your goal is just to screw up the system, create a scheduled
> job entry to do a pwrdwnsys every few hours.
>
> Or better yet: DLTPGM QSYS/*ALL
>
> The best thing of all is to go into strsst and rename the QSYS library
> (did that one time at IBM's direction...life was much worse after than
> before)...this will totally screw a machine.
>
> Of course, with any of the above things, your new job title would
> probably be "Unemployed".
>
> My point is that very few things can not be abused.  Some are harder.
>  If my goal was to cause problems, don't think I would resort to
> obscure API's...to much work and can do so much better with os/400
> commands.
>
> Bob
>
> -----Original Message-----
> From:   Schenck, Don [SMTP:Don.Schenck@WL.com]
> Sent:   Thursday, September 16, 1999 11:56 AM
> To:     'MIDRANGE-L@midrange.com'
> Subject:        RE: Electronic Signatures
>
> Cool ... that means one could create a REALLY COOL program:
>
> It keeps calling the API with different user names until all of the
> users
> are disabled!
>
> A MAJOR pain for the sysadmin!
>
> So HOW does one go about getting a list of users????
>
> -- Don
>
> -----Original Message-----
> From: Bob Crothers [mailto:bob@cstoneindy.com]
> Sent: Thursday, September 16, 1999 10:55 AM
> To: 'MIDRANGE-L@midrange.com'
> Subject: RE: Electronic Signatures
>
> Rob,
>
> As shipped, run time access to these API's is restricted.  And of
> course, before you can even use it, you must a) have a program and b)
> beable to execute the program.
>
> So...it would only help if you already have access to the system you
> are trying to get into...actually, quite a bit of access.
>
> BTW, the Get Profile Handle DOES disable the profile after the max
> number of signon attempts has been exceeded.  I just tested it (V3R7
> system).
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to
> MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator:
> david@midrange.com
> +---
>
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: david@midrange.com
> +---

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---