That works, but here we use named devices and restrict access to devices using group profiles. We are phasing out QPADEV* devices since we have created an internet access to our green screens. For security you have to:

1. have a valid device name,
2. have access to that device,
3. have an SSL client that will accept our self-signed certificate,
4. have your IP registered in our telnet exit point database,
5. have your user ID in our telnet exit point database flagged as remote access allowed.

Hey, we don't want just anyone to get a signon screen. OK, we are phasing this in, almost there. But I do like your routing idea.

By the way, we run multiple interactive subsystems due to the old performance limitations of QINTER. With new hardware we probably do not need to, but old habits die hard. (And I can kick off those pesky departments who want to work while we try to back up their data.)

Christopher Bipes
Information Services Director
CrossCheck, Inc.
707.586.0551, ext. 1102
707.585.5700 FAX
Chris.Bipes@xxxxxxxxxxxxxxx
www.Cross-Check.com

-----Original Message-----
From: midrange-l-bounces+chris.bipes=cross-check.com@xxxxxxxxxxxx [mailto:midrange-l-bounces+chris.bipes=cross-check.com@xxxxxxxxxxxx] On Behalf Of Evan Harris
Sent: Monday, February 06, 2006 10:25 PM
To: Midrange Systems Technical Discussion
Subject: RE: Technical and Philosophy

Hi Chris

Not picking on your suggestion, just you were first in the queue :)

I have to say I really dislike the idea of naming devices and allocating them to a subsystem to achieve this. It can be done relatively simply using a routing entry, which has the added advantage that when you happen to be logging on remotely you don't have to remember to name your device.

The caveat mentioned elsewhere about running two subsystems applies and which one they will be allocated to.

Most of these commands would be required if creating a second subsystem anyway, so there's no damage there.

The steps to do this (from some old notes) are:

This subsystem will allow Telnet Only access as an alternative to Qinter. Access to the subsystem will be permitted by use of Routing Entries rather than relying on Workstation Names. Note that this subsystem should not be left operational while QINTER is active.

Create a class for the subsystem specifying interactive-like parameters.

    CRTCLS CLS(*LIBL/ADMSBS) TIMESLICE(500) TEXT('System Admin Class')

Create the subsystem description.

    CRTSBSD SBSD(*LIBL/ADMSBS) POOLS((*N *BASE)) TEXT('Admin Access')

Add a routing entry allowing permitted users to run OS/400 commands.

    ADDRTGE SBSD(*LIBL/ADMSBS) SEQNBR(10) CMPVAL('FSADMIN') PGM(QCMD)

Add a routing entry that signs off users not permitted to access the system in administrative mode. Create a program that just does a SIGNOFF command to support the routing entry.

    ADDRTGE SBSD(*LIBL/ADMSBS) SEQNBR(20) CMPVAL(*ANY) PGM(*LIBL/SIGNOFF)

Create a Job Description with the required Routing Data to access the Admin subsystem. Permitted users should have their profiles modified to use JOBD *LIBL/SYSADMIN or a suitable alternative.

    CRTJOBD JOBD(*LIBL/SYSADMIN) RTGDTA(FSADMIN)

Add a routing entry to QINTER to ensure users can also access the normal interactive subsystem correctly if it is active.

    ADDRTGE SBSD(QSYS/QINTER) SEQNBR(100) CMPVAL('FSADMIN') PGM(QCMD)

I have set up something similar at a few places.
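
An added example, not part of the original posts: a simplified Python model of how a subsystem selects a routing entry (lowest SEQNBR whose compare value matches the job's routing data, with *ANY as the catch-all), using the two ADMSBS entries from the notes above. The job description name OTHERJOBD, its routing data, and the shadowed() ordering check are constructed for illustration.

```python
from dataclasses import dataclass

ANY = "*ANY"

@dataclass(frozen=True)
class RoutingEntry:
    seqnbr: int
    cmpval: str        # compare value, or *ANY to match all routing data
    pgm: str           # program called when the entry is selected
    start: int = 1     # 1-based position in the routing data to compare at

def select_entry(entries, rtgdta):
    """First entry in SEQNBR order whose compare value matches rtgdta."""
    for e in sorted(entries, key=lambda e: e.seqnbr):
        off = e.start - 1
        if e.cmpval == ANY or rtgdta[off:off + len(e.cmpval)] == e.cmpval:
            return e
    return None  # nothing matched: the job gets no routing step

def shadowed(entries):
    """SEQNBRs that can never be selected because *ANY sorts before them."""
    ordered = sorted(entries, key=lambda e: e.seqnbr)
    for i, e in enumerate(ordered):
        if e.cmpval == ANY:
            return [x.seqnbr for x in ordered[i + 1:]]
    return []

# The two ADMSBS routing entries from the notes above.
ADMSBS = [
    RoutingEntry(10, "FSADMIN", "QCMD"),
    RoutingEntry(20, ANY, "SIGNOFF"),
]

# Constructed sample: routing data that two job descriptions would supply.
# SYSADMIN is the JOBD from the notes; OTHERJOBD is hypothetical.
RTGDTA = {"SYSADMIN": "FSADMIN", "OTHERJOBD": "QCMDI"}

def program_for(jobd, entries=ADMSBS):
    """Program the modelled subsystem would call for a job using this JOBD."""
    entry = select_entry(entries, RTGDTA[jobd])
    return entry.pgm if entry else None

if __name__ == "__main__":
    for jobd in RTGDTA:
        print(jobd, "->", program_for(jobd))
    # A misordered copy: the catch-all now shadows the admin entry.
    bad = [RoutingEntry(5, ANY, "SIGNOFF"), RoutingEntry(10, "FSADMIN", "QCMD")]
    print("shadowed SEQNBRs:", shadowed(bad))
```

The ordering check matters because the deny-by-default design depends on the *ANY entry having the highest sequence number in the subsystem.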
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.