× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



<I hate putting USERS into aux sec files.>

AMEN to that Chris ! And our vendor even uses Group Profiles !

Chuck

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Chris Bipes
Sent: Wednesday, March 01, 2006 11:16 AM
To: Midrange Systems Technical Discussion
Subject: RE: Tying in biometric scanning to 5250 sign on

See in line comments: **


Christopher Bipes
Information Services Director

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Wilt, Charles
Sent: Tuesday, February 28, 2006 5:20 PM
To: Midrange Systems Technical Discussion
Subject: RE: Tying in biometric scanning to 5250 sign on

I don't know about 3rd party emulators, but I assume their vendors could
add bypass sign on support if the wanted assuming they don't already
have it.

As far as not allowing bypass sign on, why not?  By-pass sign on passes
the user ID & sign on encrypted, whereas the 5250 sign on screen passes
it unencrypted.  Unless you are using SSL tn5250, by pass sign on is
more secure.
** They do, not that we have more secure desktops, this needs to be
re-visited.  We did not like a PC being left signed on and any one being
able to walk up and open the emulator and be signed on at the PC user.
With XP and AD we have prevented the PC from being access with policies
about secured screen saver.

As far as your external customers, it would seem to me that you could
make use of SSO.  After all, SSO uses Kerberos and active director isn't
the only Kerberos server out there.  I'm no expert, but I'd be willing
to bet a six pack that you could get SSO to work for your external
users.
** This will take some more research and knowledge.  Would I have to
open our AD to the Internet?  If so, what security implementations would
that cause?

I don't see much of a solution with you 3rd party apps except to ask the
vendor to support the iSeries user profiles directly instead of a custom
authentication.
** We have.  Gone no where.  Wish I was more involved in the decision
process.  I can't even get these vendors to use the Group Profile
capacity of user profiles.  I hate putting USERS into aux sec files.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.