× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. March 2012

Re: Signon Panel - How to Prevent Access

Automatic configuration of /NEW/ devices, yes, but what about the ones that already exist?

That also does not stop me from logging on with FTP, and issuing the proper commands to create a device and then start it, or even putting the commands into an SQL script that I run from Navigator. There are more ways to get around the system value but you get the point.

Shannon is correct about needing the Telnet Exit program.

Another slightly more sneaky way to do it is with and interactive routing program. You set your interactive subsystem up with a routing program (CL does this very nicely) that checks to see who it is starting the session, determines if they should or should not be using that device or number of sessions signed on and so on... Very easy to do even at V5R1 which is where I think Jerry is stuck at.

Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On 3/16/2012 2:48 PM, Paul Therrien wrote:
This may be so, but I would have agreed with Jerry that setting QAUTOVRT
to 0 would prevent the automatic configuration of virtual devices.

Paul Therrien


-----Original Message-----
From:midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Shannon ODonnell
Sent: Friday, March 16, 2012 2:43 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Signon Panel - How to Prevent Access

You need a Telnet Exit Program.

Google it. I know I've written two or three articles on how to do this
(code samples) over the years and probably others have too so you'll
find one pretty easy I'd think.

It's very easy to do the exit pgm for this but make sure you have
everything correct because it's also easy to screw it up and lock
everyone out of
telnet.

TIP: Make sure you keep one or two sessions already logged on while you
test this because if you break it...you won't be able to log in from
anywhere...it will not affect you already active sessions though.



-----Original Message-----
From:midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jerry C. Adams
Sent: Friday, March 16, 2012 2:29 PM
To: Midrange-L
Subject: Signon Panel - How to Prevent Access

I have system values set as:

QAUTOCFG = 0

QAUTOVRT = 0

Which, I thought, would prevent a telnet service, such as iSeries Access
or Telnet from a DOS command line, from gaining access to a System i.
That is, no signon panel, no login.



Obviously, that's not true (we're on V5R1). I was just working with a
purchasing guy. He already had iSeries Access installed but no PC5250
session configured. So, without thinking, I started the Create New
Session.
My immediate thought was, as I intimated earlier, "This is going to blow
up." But it didn't. I got one of those generic QPADEVxxxx sessions.



I, also, got the QPADEVxxxx signon when I ran Telnet from a DOS command
box.



Is there any system value or whatever that would prevent access to a
signon panel?



Jerry C. Adams

IBM i Programmer/Analyst

Some of the facts are true, some are distorted, and some are untrue. -
U.S.
State Department spokesman

--

A&K Wholesale

Murfreesboro, TN

615-867-5070



--

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.