× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Thanks John.  You've confirmed what I've suspected.  I've used web support
to log a problem on the matter, and now I'm involved in a headache-inducing
exchange with support.  I've reported that some clients are able to connect
just fine and I've asked, "How do I prevent PC5250 from using remote command
server?" and "Under what circumstances does a PC5250 session connect without
making a remote command server request?"  I've requested that they explain
the difference between the sessions and explain the circumstances that would
require a remote command server call.  All I'm getting back is "we know what
your problem is -- you need to enable port 8475 and remote command server
and this is how you do it."

I can't believe that presenting an emulated terminal requires authentication
in the first place, let alone internally executed remote command calls.  I
can launch Windows telnet and get to a sign on screen without all this crap.
It's even more bizarre that it's not predictable.

Waah.

-Jim

-----Original Message-----
From: John Earl [mailto:john.earl@powertechgroup.com]
Sent: Thursday, November 21, 2002 1:18 PM
To: midrange-l@midrange.com
Subject: RE: CA remote command server port


Jim,

I think what you are referring to is that the Client Access Central
Server and/or Signon Server uses Remote Command (in certain cases) to
complete the Signon process.

This is a wrong-headed implementation by the Client Access team that
requires that you allow all of your users to use the remote command
server in order to use Client Access - and of course the remote command
server allows those same users to run other commands on your iSeries.
It now is much more difficult (but not impossible) for you to limit
which commands and programs can be used by the remote users.  You're
going to have to query those inbound transactions and determine what
resources they are trying to access.   Port blocking and similar
firewall restrictions will only give you all or nothing control over the
use of the remote command server.  You're going to have to get more
granular in order to get any real security.

jte




John Earl - john.earl@powertechgroup.com
The PowerTech Group - Seattle, WA
+1-253-872-7788 - www.powertech.com

-----Original Message-----
From: midrange-l-admin@midrange.com
[mailto:midrange-l-admin@midrange.com] On Behalf Of Jim Damato
Sent: Wednesday, November 20, 2002 9:05 AM
To: midrange-l@midrange.com
Subject: CA remote command server port

I need some help understanding how Client Access Express uses remote
command
server (PC to AS/400).  Remote command supposedly uses port 8475, which
we
have turned off from certain network entry points.  Some of our CA
Express
users can get in, but others fail as they login to the initial prompt
before
PC5250.  I can't figure out what's making certain PC client
configurations
think they need port 8475 for remote command, and I can't figure out how
to
remove the requirement from their CA configuration.

There's nothing I can find in CA Express administration that explicitly
mentions remote command functions, or where it might be selected and
used.

Does anyone have any experience with this?  Much thanks...

-Jim

James P. Damato
Manager - Technical Administration
Dollar General Corporation
<mailto:jdamato@dollargeneral.com>



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.