|
Thanks John. You've confirmed what I've suspected. I've used web support to log a problem on the matter, and now I'm involved in a headache-inducing exchange with support. I've reported that some clients are able to connect just fine and I've asked, "How do I prevent PC5250 from using remote command server?" and "Under what circumstances does a PC5250 session connect without making a remote command server request?" I've requested that they explain the difference between the sessions and explain the circumstances that would require a remote command server call. All I'm getting back is "we know what your problem is -- you need to enable port 8475 and remote command server and this is how you do it." I can't believe that presenting an emulated terminal requires authentication in the first place, let alone internally executed remote command calls. I can launch Windows telnet and get to a sign on screen without all this crap. It's even more bizarre that it's not predictable. Waah. -Jim -----Original Message----- From: John Earl [mailto:john.earl@powertechgroup.com] Sent: Thursday, November 21, 2002 1:18 PM To: midrange-l@midrange.com Subject: RE: CA remote command server port Jim, I think what you are referring to is that the Client Access Central Server and/or Signon Server uses Remote Command (in certain cases) to complete the Signon process. This is a wrong-headed implementation by the Client Access team that requires that you allow all of your users to use the remote command server in order to use Client Access - and of course the remote command server allows those same users to run other commands on your iSeries. It now is much more difficult (but not impossible) for you to limit which commands and programs can be used by the remote users. You're going to have to query those inbound transactions and determine what resources they are trying to access. Port blocking and similar firewall restrictions will only give you all or nothing control over the use of the remote command server. You're going to have to get more granular in order to get any real security. jte John Earl - john.earl@powertechgroup.com The PowerTech Group - Seattle, WA +1-253-872-7788 - www.powertech.com -----Original Message----- From: midrange-l-admin@midrange.com [mailto:midrange-l-admin@midrange.com] On Behalf Of Jim Damato Sent: Wednesday, November 20, 2002 9:05 AM To: midrange-l@midrange.com Subject: CA remote command server port I need some help understanding how Client Access Express uses remote command server (PC to AS/400). Remote command supposedly uses port 8475, which we have turned off from certain network entry points. Some of our CA Express users can get in, but others fail as they login to the initial prompt before PC5250. I can't figure out what's making certain PC client configurations think they need port 8475 for remote command, and I can't figure out how to remove the requirement from their CA configuration. There's nothing I can find in CA Express administration that explicitly mentions remote command functions, or where it might be selected and used. Does anyone have any experience with this? Much thanks... -Jim James P. Damato Manager - Technical Administration Dollar General Corporation <mailto:jdamato@dollargeneral.com>
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
