× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Specifying limited capability on the user profile does not limit access to all commands. What determines that is ALWLMTCPB *yes or *no on the command itself when the command is created or changed with CRTCMD or CHGCMD.

Shannon ODonnell wrote:
OK...I'm an idiot.

The "public" user profile I swap to prior to telnetting to a remote
AS/400 has LMTCPB(*NO) on it which allowed commands to be ran from the
command line. The whole time I thought I was using another user profile
than the one I was actually using. And the one I thought I was using had
LMTCPB(*YES) specified on it.


Even though the user can see the command line from the telnet atn key
menu, they cannot do anything on it now that I've set the LMTCPB
paramter correctly on the correct user profile.

Sigh...I need a vacation....


Shannon O'Donnell






-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Shannon ODonnell
Sent: Friday, February 13, 2004 10:54 AM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Diabling Telnet Attention key


Yeah, you know...I tested the very same thing after I posted my reply
this morning and it worked that way for me too.


The strange thing that I'm seeing, and it's entirely possible that I'm
totally misunderstanding what I'm seeing or what's going on...(wouldn't
be the first and certainly won't be the last time I make a
mistake...)...but

For what I'm doing... In a CL program I swap the original user profile
to a new profile (a public user that has special authorities for the
application) using a couple of security apis. It is this new profile
that I telnet to the remote system.


Now...once on the remote system, that user can press the atn key and
see the atn key menu and command line.


What happens then is that the user is able to enter commands on the
command line such as "CALL" or "WRKACTJOB". This despite the fact that
for both the original user profile and the public user profile, the
LMTCPB paramater is set to (*YES) and the ATNPGM parm is set to *NONE.


What I am wondering... Since I log onto the very first AS/400 via Client
Access with my "normal" user profile, which has *SECADM authorities in
it, and then sign on to a 5250 session using the "limited" profile
before telnetting....I'm wondering if the Telnet Send Control Functions
menu is picking up the authorities from my original user profile that
started the first Client Access session?


In any event, on Monday, I'll be at a dumb terminal and I'll sign on
directly from there using only the limited profile and see what happens.

Thanks all for your responses and creative (Scott) answers!



Shannon O'Donnell







_______________________________________________ This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.