Hello Buck,

You wrote:
>It is a reasonable expectation to be able to do a DSPUSRPRF and be able
>to see if a user is enabled or not.

Ah, but IBM don't want us to use commands for this stuff.  We are expected
to switch our brains off and use point-and-click rubbish instead.

An API is provided at 510 and above to retrieve a list of profiles
disabled from NetServer.  There is also an API to enable a profile.  Our
ONcmd product wraps those APIs in a proper work-with list and commands
with security checking and messages.  OpsNav 510 also lets the brain-dead
do this.  Prior to 510 you are limited to checking for the CPIB682 message
and running CHGUSRPRF or CHGPWD.

>It is a reasonable expectation that if a user is disabled from NetServer,
>they are disabled from signing on too.

I would expect that also but that's not how it works.  I suspect the
reasoning is due to Windows Networking being fairly crappy in support for
different profiles and passwords (especially W95/W98).  IBM possibly felt
it unreasonable to disable an AS/400 profile due to Winslop deficiencies.

>The way NetServer access is enforced today makes it look like a quick
>hack instead of a planned enhancement.

That fits with so much of NetServer.  The AS/400 implementation of SMB is
really below average.  If they didn't give it away "free" with the system
they couldn't sell it.

Simon Coulter.
   FlyByNight Software         AS/400 Technical Specialists

   Phone: +61 3 9419 0175   Mobile: +61 0411 091 400        /"\
   Fax:   +61 3 9419 0175   mailto: shc@flybynight.com.au   \ /
                 ASCII Ribbon campaign against HTML E-Mail  / \

This thread ...

Return to Archive home page | Return to MIDRANGE.COM home page