MIDRANGE dot COM Mailing List Archive




RE: Auto Signon




Could the "QIBM_QZSO_SIGNONSRV   ZSOY0100  TCP Signon Server" be used to
validate the session address and log that machine on as a specific user? I
don't know much about exit point programming yet....

Another question, in Client Access Express, I see a program CWBLOGON.EXE
that appears to cache the logon information. Does anyone know how/if that
works?

Eric DeLong
Sally Beauty Company
MIS-Sr. Programmer/Analyst
940-898-7863 or ext. 1863



-----Original Message-----
From: John Earl [mailto:johnearl@powertechgroup.com]
Sent: Thursday, September 20, 2001 11:16 AM
To: midrange-l@midrange.com
Subject: Re: Auto Signon



> Scary is right!  From an auditor's viewpoint, the generally recommended best
> practice setting is *FRCSIGNON.


*FRCSIGNON has its own risks, and I don't believe that this is a
blanket recommendation from Auditors who understand OS400.  If you
require every user who connects to your iSeries to go through the DDS
signon screen (QDSIGNON) every time they connect, then you guarantee
that OS/400 passwords will be sent across your network in clear text.
The Client Access signon server will encrypt passwords and compare
encrypted values.  DDS will likely never be smart enough to do that.

That being said, even if you allow bypass signon you may still be
sending clear text passwords if you are using the OS/400 System value
QINACTITV to time out inactive sessions.  Usually, once you time out a
session, you cause the QDSIGNON screen to display once again and run
the risk of a plain text password transmission.

jte


--
John Earl                              johnearl@powertechgroup.com
The Powertech Group          www.powertechgroup.com
Kent, Washington, USA       +1 253-872-7788











