Could the "QIBM_QZSO_SIGNONSRV   ZSOY0100  TCP Signon Server" be used to
validate the session address and log that machine on as a specific user? I
don't know much about exit point programming yet....

Another question, in Client Access Express, I see a program CWBLOGON.EXE
that appears to cache the logon information. Does anyone know how/if that

Eric DeLong
Sally Beauty Company
MIS-Sr. Programmer/Analyst
940-898-7863 or ext. 1863

-----Original Message-----
From: John Earl
Sent: Thursday, September 20, 2001 11:16 AM
Subject: Re: Auto Signon

> Scary is right!  From an auditor's viewpoint, the generally recommended best
> practice setting is *FRCSIGNON.

*FRCSIGNON has its own risks, and I don't believe that this is a
blanket recommendation from Auditors who understand OS/400.  If you
require every user who connects to your iSeries to go through the DDS
signon screen (QDSIGNON) every time they connect, then you guarantee
that OS/400 passwords will be sent across your network in clear text.
The Client Access signon server will encrypt passwords and compare
encrypted values.  DDS will likely never be smart enough to do that.

That being said, even if you allow bypass signon you may still be
sending clear text passwords if you are using the OS/400 System value
QINACTITV to time out inactive sessions.  Usually, once you time out a
session, you cause the QDSIGNON screen to display once again and run
the risk of a plain text password transmission.


John Earl                    
The Powertech Group
Kent, Washington, USA       +1 253-872-7788

This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list