× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2004

RE: Replacing the AS400 signon manager?

As far as the exits go and being able to set the identity that the job will
execute under, the FTP server is the most flexible.  The logon exit is
called prior the OS validating the supplied credentials.  I can't remember
but I think this is the case for TFPT and for REXEC.  Because of the need
for supporting the Anonymous user, the exit allows you to set the jobs
identity to your choosing.

For all of the host servers (Database, Data Queue, Remote Command...) your
signon is validated before the exit is called and they don't have a return
parameter to set the identity.  You can however do a swap. 

NetServer falls into the host server category above but is more of a pain in
the rear end (I had to resend because the list bounced the email because I
used the A word) because the server does not own the socket is using to
communicate with.

For Telnet, the exit fires prior to the user ever being presented a screen
so you won't be able to prompt them for their secret.  You can't do a swap
because this exit is called from one of the Telnet jobs.

For telnet your best option is to either create a routing program or an
initial program that you can do your extra prompting in.  These are also the
only way to support what you want from a dumb terminal.  You do have some
other things that you have to control - System Request menu and Attention
menu access.  


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of jared
Sent: Friday, August 06, 2004 9:25 AM
To: Midrange Systems Technical Discussion
Subject: RE: Replacing the AS400 signon manager?

> In order to get a clear idea of what you want, can you please provide
> three scenarios of what your users should see? Describe telnet, FTP
> and iSeries file transfer, and that might be enough for a reasonably
> full response (perhaps close to what's reasonable as "full".)

I really don't want the client software to change at all, in look and feel
or underlying code.  But for some users, I want the "password" entered at
the prompt to be characters that prove they know a secret that isn't the
password stored with their AS400 user profile.

On the server, I want that info passed into an exit program that talks to
a secret-verifying service, determines whether to allow the signon, and
continues the session under whatever user profile I want to map onto the
username.

So the out of band communication doesn't involve the client, just more
server-side code that knows what to do with the non-standard auth strings.

Is this only possible when logging in via some channels and not others?

-Jared

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.