RE: User profile question

[Patrick Botz <botz@xxxxxxxxxx>]

I don't believe you can authenticate to FTP with a disabled profile. You
could write an exit program that causes the request to run under an
explicitly specfied profile.

If anyone has proof  that a disabled profile can authenticate to the FTP
server, you should report it immediately as a sev 1 security bug.

Patrick Botz
Senior Technical Staff Member
Rochester CTC, eServer Security Architecture & Consulting
iSeries Security Architect
(507) 253-0917, T/L 553-0917
CTC Fax # 507-253-2070
email: botz@xxxxxxxxxx

For more information on CTC, visit our website at
http://www.ibm.com/eserver/services
http://www.ibm.com/servers/eserver/services


midrange-l-bounces@xxxxxxxxxxxx wrote on 01/25/2006 12:46:05 PM:

> Disturbing but true.  That is why exit programs are so important..
>
> Larry
>
> Larry Ketzes
> Senior Security Project Analyst
> American Life Insurance Company

>
> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx
> [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Franz
> Sent: Wednesday, January 25, 2006 11:47 AM
> To: Midrange Systems Technical Discussion
> Subject: Re: User profile question
>
> >In addition, you can even ftp with a disabled profile.
>
> that would be disturbing...
> jim franz
>
> > No, A disabled profile can still be specified as the user id in a job
> > schedule entry and still the job will run fine.  You can also submit a
job
> > using a disable profile and it will run.  In addition, you can even ftp

> > with
> > a disabled profile.
> >
> > Larry
> >
> > Larry Ketzes
> > Senior Security Project Analyst
> > American Life Insurance Company
> >
> > One ALICO Plaza
> > 600 King Street
> > Wilmington, DE 19801
> > Phone: 302-594-2146
> > Mobile: 302-559-1631
> > Email: larry.ketzes@xxxxxxx