|
Just a note on this, in my own modification of the Telnet Init Program (it coulda even been the same one) I am doing this for specific machines (wireless bar code scanners) and so what I do is look at the IP address, if it's a scanner IP address I set the user name automatically and auto signon yes, otherwise autosignon no. I also made sure that the user name that is automatically signing on is a very low security profile with Limited Capabilities and no command line, so that if someone did break in, they couldn't do much. Regards, Jim Langston -----Original Message----- From: Scott Klement [mailto:klemscot@klements.com] Hi, Normally, the telnet device initialization program runs "when the device is initialized", which is before it displays the sign-on screen. Therefore, the user desription info will be blank. The exception to that is when the user uses a "bypass sign-on screen" or "auto-signon" function found in some emulators. When that's used, the emulator sends the username, password, program, library, etc to the system during the option negotiation phase. In that case, the data is sent during the option negotiation phase, and no sign-on screen is displayed. You don't see "User Name" because it's called "User Profile" (they mean the same thing) Incidentally, ISOTELIR4 is something that I wrote (despite that no credit appears to have been given) and there are some security implications when using it. 1) The peAutoSignOn parameter is currently left at off, as long as this is not changed, everything is safe -- but nobody will be able to use auto-signon. If you changed the code to simply set it to *ON, then everyone can auto-signon WITHOUT NEEDING A VALID PASSWORD. The correct way to handle this parameter is to check the "dsCnnPWvalid" variable from the connection description info. Only set the peAutoSignOn to *ON if the password is valid. For example, you might do this: 0176.00 C* KLEMSCOT can can bypass the sign-on screen 0177.00 C* if he provides a valid password 0178.00 c select 0179.00 c when dsUserProfile='KLEMSCOT' 0180.00 c if dsCnnPWvalid = '1' 0181.00 c or dsCnnPWvalid='2' 0182.00 c eval peAutoSignOn = *On 0183.00 c endif 0184.00 0185.00 C* User-IDs beginning with a 'Q' can never bypass 0186.00 C* the sign-on screen: 0187.00 c when %subst(dsUserProfile:1:1)='Q' 0188.00 c eval peAutoSignOn = *Off 0189.00 0190.00 c* Other users can bypass sign-on, but only if they 0191.00 C* pass an encrypted password: 0192.00 c other 0193.00 c if dsCnnPWvalid='2' 0194.00 c eval peAutoSignOn = *On 0195.00 c endif 0196.00 c endsl 2) Because of #1, anyone who has access to change/recompile this program can give himself the ability to log on as any user without a password. He could, for example, log on as QSECOFR and give himself *ALLOBJ authority. Make sure you understand these implications before using ISOTELIR4 (or any other telnet device initializtion exit program) so that you don't open your system up to trouble.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
