Maybe things have changed, but I thought the "allow bypass signon" was a system value. I haven't tried enabling the client setting in years.
--
Sean Porterfield
________________________________________
From: midrange-l-bounces@xxxxxxxxxxxx [midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx [rob@xxxxxxxxx]
Sent: Monday, November 29, 2010 08:44
To: Midrange Systems Technical Discussion
Subject: RE: Login Issues at QPWDLVL 2 for some users

How do you "not allow" the bypass? If it's at configuration time on each
client don't you think that's easily changed?


Rob Berendt
--
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: "Chris Bipes" <chris.bipes@xxxxxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Date: 11/24/2010 12:21 PM
Subject: RE: Login Issues at QPWDLVL 2 for some users
Sent by: midrange-l-bounces@xxxxxxxxxxxx



Both are valid concerns. First you can require and only run your telnet
server via SSL. That takes care of the user sign on being passed in the
clear. The second approach does allow someone walking up to a unsecured
PC and accessing the iSeries as the PC user. Again secure you PC's
because there are other security issues besides just the telnet session.
Also the auto logon does not help if someone logs off their telnet
session then comes back and logs on without closing and reopening the
session. I do not like allowing the bypass an force the SSL. That is,
in my opinion, the most secure way to control access via telnet.

--
Chris Bipes
Director of Information Services
CrossCheck, Inc.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Gord Hutchinson
Sent: Wednesday, November 24, 2010 8:33 AM
To: Midrange Systems Technical Discussion
Subject: Re: Login Issues at QPWDLVL 2 for some users

On Wed, 24 Nov 2010 11:17:02 -0500, Charles Wilt
<charles.wilt@xxxxxxxxx> wrote:

Gord,

Unless you're using encrypted telnet, the user id and password type
into the 5250 green screen sign on are sent in the clear; a network
sniffer can easily see them.

However, when using bypass-signon, the user id and passwords are
encrypted into the request to start the session even when the
resulting telnet session is unencrypted.

Thanks. I didn't realize that. Our concern is that if you
bypass-signon,
someone just needs to disconnect and reconnect the 5250 iseries access
session and it will automatically sign you on. Potentially as someone
else.

This email is confidential, intended only for the named recipient(s) above and may contain information that is privileged. If you have received this message in error or are not the named recipient(s), please notify the sender immediately and delete this email message from your computer as any and all unauthorized distribution or use of this message is strictly prohibited. Thank you.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.