× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Be careful, users can invoke commands through ftp, even when they have
mandatory menu in the profile.

On Mon, Jan 10, 2022 at 3:06 PM Stephen Landess <steve_landess@xxxxxxxxxxx>
wrote:

Duane:

At my previous client, we created what we call a "Service Account":
An IBM i user profile which was set up with specific authorities and IFS
permissions for tasks like this.

The Service Account user profile is *ENABLED but has no password and the
users are have *USE authority to it.
In our case there is no security exposure since none of the users has
command line authority on the system.

The Service Account was used for doing file transfers from the IFS to
Windows file servers when using QNTC by using profile swapping.

For example, since IFS permissions work like Unix rather than IBM i
authorities, the Service Account user had permissions for certain IFS
folders, and the corresponding Windows Service Account (having the same
user name and password) had the necessary permissions to certain target
file shares and folders, such that when a program uses CPYTOIMPF to copy
files from the IFS to the windows server or CPYFRMIMPF to copy data from
the Windows server back to a IFS folder that it wouldn't fail because of
permission failures.

The file transfer program does the following:

1. Calls the QSYGETPH API to get profile handles for the current
profile and the Service Account.
2. Calls the QWTSETP API API to swap profile to the Service Account
3. Runs the necessary commands to copy data from/to the IFS
4. Calls the QWTSETP to swap profile back to the original user
5. Calls QSYRLSPH to release the profile handles obtained in (1)

Step 5 is very important - you must release the profile handles:

https://www.ibm.com/docs/en/i/7.4?topic=ssw_ibm_i_74/apis/QSYGETPH.htm

[...]
"Profile handles are a limited resource; it is possible to run out of
handles. To guarantee that you always have a profile handle to switch back
to, it is recommended that you get a profile handle for both the current
thread and the user profile to which you plan to switch. If for some reason
you cannot do this, and if you cannot get a profile handle that will allow
you to switch back, then it probably is safest to end the thread or job."
[...]

Similarly, you could set up an IBM i profile which has a verifiable
associated email address to use when using SNDDST or SNDSMTPEMM and change
your program(s) and incorporate this strategy to allow for all users that
are sending emails from the IBM i to use the shared service account for
sending emails.

Regards,
Steve Landess
(512) 289-0387

________________________________
Duane wrote:

Been using this CL for years,
0018.00 PGM
0019.00
0036.00
0037.00 SNDDST TYPE(*LMSG) TOUSRID((PLUIJ S1017045) +
0038.00 (BENKA300 S1017045) +
0038.01 (NELSK S1017045) +
0038.02 (DANND S1017045) +
0038.03 (CHRIS S1017045)) DSTD('job on hold') +
0038.04 LONGMSG('Accounting is done in
Canada!!')

Now it doesn't work.
We switched our SMTP from a on premise Exchange server to a O365 smtp
relay
that requires authentication (a "from" email address)

When trying to send emails from i-series, we need to change the "from
SMTP email address" so they are all the same for different profiles, in
WRKDIRE
We can change 1 with the correct credentials and it works, but the
address can only be used on 1 user, and we have different profiles that
need to use this
This works only if I run it which is DANND

Change Name for SMTP
System:
FAIRMONT
User ID/Address . . . . . : DANND S1017045

Type choices, press Enter.

SMTP user ID . . . . . . donotreply
SMTP domain . . . . . . . AWTX-ITW.COM

If I change my smtp use rid ...... back to ddanner and then give

Change Name for SMTP
System:
FAIRMONT
User ID/Address . . . . . : NELSK S1017045

Type choices, press Enter.

SMTP user ID . . . . . . donotreply
> SMTP domain . . . . . . . AWTX-ITW.COM

This doesn't work when she runs it.
Lost

Then John Yeung wrote:
I don't know how to set up email, so someone can tell me if this isn't
going to work for your situation, but...

For a long time now (since 6.1), the IBM-included way to send email is
the SNDSMTPEMM command. Very simple to use and you can't beat the
price. You should give that a try.

We have Office 365 as well, and that command works on our system for
internal emails. We can't send external emails that way, but I don't
know if it's because our administrator chose to block that capability,
or there's a technical reason why it won't work.

So maybe that would suffice for your needs. If not, and you can spend
a relatively small amount on a subscription basis, then Brad Stone's
MAILTOOL is definitely worth a look.

(For the record, our shop actually doesn't use SNDSMTPEMM or MAILTOOL,
but I've tried them both.)

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.