× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. January 2015

RE: possible to never disable specific user?

Be careful with the IP address on the T-PW entry. We have a RadWare device that concentrates our IP traffic for DR purposes. Unfortunately it also makes all IP traffic look like it is coming from a single IP address. I have absolutely no visibility to the "real" IP address of any device in the company.

Respectfully,
Kendall Kinnear
System Analyst
Standard Motor Products, Inc.
Work: 972-316-8169
Mobile: 940-293-7541

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Monnier, Gary
Sent: Wednesday, January 21, 2015 12:24 PM
To: Midrange Systems Technical Discussion
Subject: RE: possible to never disable specific user?

Rob,

You have a point there. The T-PW can carry the remote IP address which you can track back to. If the IP address can't be traced back to an individual it can be traced to a location.

If you don't have an IP address? Well, it happens and you do your best.


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Wednesday, January 21, 2015 10:06 AM
To: Midrange Systems Technical Discussion
Subject: RE: possible to never disable specific user?

Gary,

If it's not an intentional CHGUSRPRF ... STATUS(*DISABLED) then all that audit log should show you would be someone trying to sign on as that person with no clue who that was. If you're lucky it might store the IP address of the workstation who failed to sign on.


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: "Monnier, Gary" <Gary.Monnier@xxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 01/21/2015 12:45 PM
Subject: RE: possible to never disable specific user?
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



You could use exit points to check the user's status. If the profile is disabled notify "someone", this "someone" can then enable the account.
This would be similar to Rob's MessengerPlus example.

Auditing the user profile in question will provide the T-PW entries needed to track down who disabled the profile. I've seen times where such profiles are deliberately disabled to halt work for one reason or another.
Placing the one who disabled the profile in the limelight, so to speak, can go a long way to ensuring disabling is really an accident.

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Wednesday, January 21, 2015 9:14 AM
To: Midrange Systems Technical Discussion
Subject: Re: possible to never disable specific user?

Let me guess, 27 people know the password for QSECOFR. When you change that password someone screws it up and disables that account. Effectively doing a Denial Of Service attack against QSECOFR. So you are trying to prevent this DOS attack.

This fear of a DOS attack against your security accounts is why some people only have QMAXSGNACN vary off the device and not disable the user profile.

Of course, I feel your pain. But, expect someone to reply that your security accounts should be the ones which get disabled the fastest upon incorrect sign on. They have a point also.

Or, instead of QSECOFR, you have a 'generic' account for shop floor personnel or some such department?

For that case, the message monitoring is probably the desired solution.


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail
to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: Hoteltravelfundotcom <hoteltravelfun@xxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 01/21/2015 10:37 AM
Subject: possible to never disable specific user?
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



we have disabling of any user if failed password 3x,

can this be changed for specific user to never be disabled?
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

________________________________

Please consider the environment before printing this email.

The content of this e-mail (including any attached files) is confidential and may be privileged and protected by law. It is intended solely for the purpose of the person to whom it is addressed. If you are not the intended recipient of this message, please notify the sender immediately and delete the message (inclusive of any attached files). In addition, if you are not the intended recipient of this message, any disclosure, copying, distribution or taking any action in reliance of the contents of this email is strictly prohibited.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.