×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
As I understand it, the server authority entry will just replace
the USRID and optionally the PASSWORD for the requester. If no
server authority entry exists which matches the request [resolving
specific to generic], the current user profile name and password is
used for the connection user ID in negotiating a connection. Thus
*IP DDM files should be functional without any ADDSRVAUTE, neither
for the QDDMSERVER nor RDB-name [nor *ALL as a more generic catch]
as the SERVER(), at least when there is a matching user profile &
password on the remote system.?
The use of the RDB as redirect for the DDM file on how to
negotiate the connection, enables indirectly an additional RMTAUTMTH
[Remote Authentication Method] parameter [on the ADDRDBDIRE], with
an optional ability to restrict or enable negotiating a lower [less
secure] authentication method. The default security method or
mechanism [called SECMEC in a link below] used for DDM files is
essentially the *USERIDPWD, but has no option to control if a higher
or lower authentication method is used in response to the UserID and
password that gets sent; i.e. use of just *USRID may be negotiated,
for only a user identifier required to establish the connection [if
the CHGDDMTCPA has *NO set for its PWDRQD() "password required"
parameter], for which I infer the default user QUSER in the QRWTSRVR
is used like for an *SNA connection default user.?
http://publib.boulder.ibm.com/infocenter/iseries/v5r3/topic/ddm/rbae5sourcesecurity.htm
http://publib.boulder.ibm.com/infocenter/iseries/v5r3/topic/ddm/rbae5failures.htm
http://publib.boulder.ibm.com/infocenter/iseries/v5r3/topic/ddp/rbal1elementsusetcp.htm
Regards, Chuck
Evan Harris wrote:
My recollection was that DDM files defined over an IP connection
require a server authentication entry.
First time I defined that stuff was at V5R2 so I have no
recollection of what V5R1 had or didn't have. Come to think of it
- I don't remember working on V5R1 except for a couple of test
boxes.
Vern Hamberg wrote:
I looked at a v5r4 machine and saw no entries for my profile.
Those don't even exist on our v5r1 machine.
Seems I remember you saying something about IASPs in this
context - but I've not tested that kind of thing.
Confused!!
Evan Harris wrote:
Yes it can be done. I've seen it done a couple of different
ways.
Do you have the DDM Server started and also does it require a
password ?
Note also when setting up TCP DDM files that you need to add
a server authentication entry ADDSVRAUTE for the target
system.
Jose Antonio Salazar wrote:
I was asked if a small set of DDMFs can be created pointing
to the same IBM i. That way we could use a single machine
for development.
Using RMTLOCNAME(MYSYSTEM *SNA) and attempting a DSPPFM
fails with: "Remote location AFIRMED for program device
DDMDEVICE was not found."
Using RMTLOCNAME(LOCALHOST *IP) or RMTLOCNAME('127.0.0.1'
*IP) and attempting a DSPPFM fails with: "A remote host
refused an attempted connect operation."
I'm not knowledgeable enough about device or network
configuration to conclude that it can't be done, though.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
