


I'm not sure that AA controls command line entry as such. It is meant to 
control client functions. E.g., it can control whether a user can use FTP as a 
client from an iSeries or it can control whether the user can use FTP to 
connect to the iSeries from another box - this is using the iSeries as FTP 
server. It is also possible to control the use of ODBC.  But control is not at 
the command line - controlling FTP as a client from the iSeries is only 
incidental, as I understand it.

This topic is not extremely well-documented by IBM, IMO. An interesting bit I 
saw is that IBM does not recommend this as true security, rather, "access" 
privileges. I.e., there can be several ways to get access to a physical file, 
including FTP, ODBC, Data Transfer in PC5250, et al. App Admin does not secure 
those that are not registered and set up there. (All the ones I listed can be, 
BTW.) 

There is more in a redbook at 

http://www.redbooks.ibm.com/redbooks/pdfs/sg246226.pdf

and in the Application Administration topic at InfoCenter. It might also be a 
good topic on which to call IBM Support - this is the kind of thing they will 
reply to, I believe.

It is not clear where the settings are kept - I thought there was a global 
nature to this, but it might be local (except when using a central system, 
V5R2+). Reason I say this is, one item I read said that things are kept in the 
Windows registry. Another question for IBM Support, I suppose.

But, in my experience, it is possible to keep someone from using FTP and other 
selected access methods. The security is still standard iSeries object 
security. The App Admin stuff is access control built on top of a "properly" 
secured system.

HTH
Vern

-------------- Original message -------------- 
From: fbocch2595@xxxxxxx 

> Thanks Vern. 
> 
> In your experience w/AA is there any way security can be bypassed or compromised
> when using AA strictly over green screen command entry?
> 
> Another way to ask is does AA encompass or include all security that green 
> screen does? 
> 
> -----Original Message----- 
> From: Vernon Hamberg 
> To: Midrange Systems Technical Discussion 
> Sent: Sun, 22 Jan 2006 22:42:37 -0600 
> Subject: Re: DBU and it's competitors 
> 
> 
> Not sure why you don't want to work with App Admin - it's really 
> quite simple. It's not the same as the packet stuff. You go into 
> iSeries (Ops) Navigator, right-click on a connection, click on 
> Application Administration, click on the Host Applications tab, then 
> open AS/400 TCP/IP Utilities, then open File Transfer Protocol (FTP), 
> then open the FTP server area and work with the users and block them 
> as needed. It applies, AFAIK, to the user, no matter what PC or 
> whatever they use to try to get in. Not just the one where you set it 
> up. So it should be possible not to install AppAdmin on user PCs and 
> be safe using just your PC for configuration. And you have to have 
> *SECADM anyway to change this stuff. Also, from V5R2 it is possible 
> to have a single server that holds the settings for others. 
> 
> At 10:18 AM 1/22/2006, you wrote: 
> 
> >I'm guessing that NetIQ might be a more expensive solution but one 
> >that I can implement and maintain quickly and have good support for 
> >(hopefully, NetIQ support's as good as IBM's), instead of me having 
> >to work with AA. 
> > 
> >Make sense? 
> > 
> > 
> >-----Original Message----- 
> >From: vhamberg@xxxxxxxxxxx 
> >To: Midrange Systems Technical Discussion 
> >Sent: Fri, 20 Jan 2006 19:44:21 +0000 
> >Subject: Re: DBU and it's competitors 
> > 
> > 
> >You CAN handle user profiles with App Admin in iSeries Access. You can also set
> >up some kind of packet filter rules in iSeries Access, IIRC. Look under Network
> >in the items under a connection there. I THINK those can handle some of this,
> >but others will have actual knowledge based on experience.
> > 
> >-------------- Original message -------------- 
> >From: fbocch2595@xxxxxxx 
> > 
> > > Hi, if I wanted only several usrprf's or ip addresses to b/able to ftp could I
> > > use this NetIQ to do that? Do I need an exit point program or does NetIQ
> > > provide that?
> > > Thanks 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > -----Original Message----- 
> > > From: ISNM 
> > > To: midrange forum 
> > > Sent: Fri, 20 Jan 2006 07:55:45 -0800 (PST) 
> > > Subject: Re: DBU and it's competitors 
> > > 
> > > 
> > > If you already own NetIQ's (formerly PentaSafe's) PSSecure product, which is
> > > most often purchased for the exit point management capabilities (RRM - Remote
> > > Request Management), there is a module called Secure File Editor (SFE).
> > > Green-screen only, but is easy to use.
> > > 
> > > Steven W. Martinson, CISSP, CISM 
> > > Consultant - Servique, LLC 
> > > 
> > > Cell 281.546.9836 
> > > www.servique.com 
> > > 4801 Woodway Drive, Suite 300E 
> > > Houston, TX 77056 
> > > 
> > > "Uniquely Qualified" 
> > > 
> > > 
> > > 
> > > -- 
> > > This is the Midrange Systems Technical Discussion (MIDRANGE-L) 
> > mailing list 
> > > To post a message email: MIDRANGE-L@xxxxxxxxxxxx 
> > > To subscribe, unsubscribe, or change list options, 
> > > visit: http://lists.midrange.com/mailman/listinfo/midrange-l 
> > > or email: MIDRANGE-L-request@xxxxxxxxxxxx 
> > > Before posting, please take a moment to review the archives 
> > > at http://archive.midrange.com/midrange-l. 

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.