Note that this does not stop the Send Telnet Control Functions menu from
showing up -- it does though give you control when the user selects option
1 (Interrupt Process - IP).  There is a different exit point for the
Attention key but that unfortunately doesn't block access to the menu due
to the current telnet implementation.



                                                                           
             "Shannon                                                      
             ODonnell"                                                     
             <sodonnell@irish-                                          To 
             studios.com>              "'Midrange Systems Technical        
             Sent by:                  Discussion'"                        
             midrange-l-bounce         <midrange-l@xxxxxxxxxxxx>           
             s@xxxxxxxxxxxx                                             cc 
                                                                           
                                                                   Subject 
             05/03/2004 12:26          RE: Preventing ALT-SYSREQ           
             PM                                                            
                                                                           
                                                                           
             Please respond to                                             
             Midrange Systems                                              
                 Technical                                                 
                Discussion                                                 
                                                                           
                                                                           




Very cool!  I've been looking for a way to block access to the Interrupt
Process - IP menu item and/or the Send Telnet Function menu for quite
awhile
now.   Thanks for the heads-up on this.


Shannon O'Donnell




-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Bruce Vining
Sent: Monday, May 03, 2004 12:16 PM
To: Midrange Systems Technical Discussion
Subject: RE: Preventing ALT-SYSREQ


A quick test on a V5R2 telnet target system shows that the Presystem
Request
Exit Program (when specified on the target system) gets control in the
Telnet Interrupt Process scenario and can block access to System Request.




             "Shannon
             ODonnell"
             <sodonnell@irish-                                          To
             studios.com>              "'Midrange Systems Technical
             Sent by:                  Discussion'"
             midrange-l-bounce         <midrange-l@xxxxxxxxxxxx>
             s@xxxxxxxxxxxx                                             cc

                                                                   Subject
             05/03/2004 11:35          RE: Preventing ALT-SYSREQ
             AM


             Please respond to
             Midrange Systems
                 Technical
                Discussion






Revoking rights works in MOST situations. However, if you allow the user to
Telnet to another AS/400,  then if they press the attention key, they will
see a Send Telent Function menu, which has an option, "Interrupt Process -
IP" which, when taken, allows access to all that stuff again. This works
even when you specify ATNPGM(*NONE) at both the user profile and System
Value level.  I guess because this funtion is part of the Telnet protocol
and not necessarily OS/400.  I don't know if Bruce's solution of using the
APIs will also address this or not.


Shannon O'Donnell




-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
michaelr_41@xxxxxxxxxxxxxx
Sent: Monday, May 03, 2004 11:04 AM
To: Midrange Systems Technical Discussion
Subject: Re: Preventing ALT-SYSREQ

you essentially revoke their rights to the sys-request screen...I'll bet
it's in the archives here.

On Mon, 3 May 2004 10:56:03 -0500, "Bill Freiberg"
<bfreiberg@xxxxxxxxxxxx> said:
>
>
>
>
> Is there any way to prevent a user from using ALT-SYSREQ while in a
> certain function/screen?
>
> I am trying to put together a use detection monitor for a break glass
> type user profile. I have it askoing for the users "real" user id and
> password, validting with the handle APIs, and sending usage
> notifcation e-mails, but I need to prevent the user from being able to
> ALT-SYSREQ out to bypass it.
>
> **********************************************************************
> * The information contained in this communication is confidential, is
> intended only for the use of the recipient named above, and may be
> legally privileged. If the reader of this message is not the intended
> recipient, you are hereby notified that any dissemination,
> distribution, or copying of this communication is strictly prohibited.
> If you have received this communication in error, please re-send this
> communication to the sender and delete the original message or any
> copy of it from your computer system.
>
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
> unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
> a moment to review the archives at
> http://archive.midrange.com/midrange-l.
>
--

  michaelr_41@xxxxxxxxxxxxxx

--
http://www.fastmail.fm - A fast, anti-spam email service.
_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.




_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.




_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.




_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.