midrange-l-request@xxxxxxxxxxxx wrote:

>   1. Relational Database Directory Entries, DDM and remote journal
>
>We are using Vision OMS400 remote journal function for our HA. During the
>role swap, we have to remove our backup *local RDB entry and rename it to
>the production *local RDB entry as our application hard code the RDB entry
>name in the programs. (We are on V5R2)
>The strange thing  is after we recreate *local RDB entry, we have to run a
>"CHGDDMTCPA  PWDRQD(*NO)" command.  Otherwise, the system will change
>PWDREQ to *YES automatically and we can not activate our remote journal.
>Anybody know the relationship among DDM TCP/IP Attributes,  Local RDB entry
>and remote journal?

James:

My apologies for responding so late. I didn't see this until late Monday and 
then looked through other posts to see if other responses came through. Then, 
work got in the way, etc., etc.

Now...

I suspect that few sites regularly delete and recreate their *LOCAL RDB entry, 
and fewer check their DDM TCP/IP attributes after. Of those that do check, most 
possibly have PWDRQD(*YES) already, so they'd never notice. On a V5R2 system, I 
just tested and got the same result -- PWDRQD(*YES) was forced even after I had 
it set to *NO.

I'm pretty sure it's deliberate as well as being a _VERY_ good idea! Many of us 
would jump all over Microsoft if they left a security exposure like this out in 
the wild. It could be a catastrophe for many iSeries sites. I think IBM is 
simply protecting us by way of defaulting the attribute to *YES when the 
underlying configuration data is recreated. Note that a message is displayed 
when the *LOCAL RDB is deleted and the message warns of loss of configuration 
data.

If you're running TCP/IP DDM, you should never allow access without a password. 
It can effectively leave your system wide open, perhaps even to the internet.

Use server authentication entries to set profiles/passwords for TCP/IP DDM. 
Commands are ADDSVRAUTE plus CHG/RMV/DSP variations. Help for the commands 
gives details. Also make sure that system value QRETSVRSEC is set to '1' in 
order to preserve authentication entries (and validation lists if used).

Tom Liotta


As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.