I am not a big fan of limit device sessions. The theory is that back when
there were these things called twinax devices one could have one terminal
on their desk. And, initially, they were limited to one session. The
problem was that "SALLY" could share her user id with Rosie and they could
both sign on as SALLY, each on their own terminal at their own desk. This
system value was an ideal to thwart this. Several decades passed. One of
the first steps on the evolutionary trail was that IBM came out with
twinax devices with more than one session. SALLY was happy. Now she
could be in material status inquiry on one session and entering orders on
a different session. All was well. UNLESS the system value was set up to
limit her to one session. This made SALLY sad and killed her
productivity. Twinax has long passed for many people. Those people still
using a text based interface mainly use PC's with 5250 emulation software.
SALLY still wants her multiple sessions. But that system value is still
there to thwart her.

The problem is that many auditors have come up with a standard audit list
from 20 years ago on how to audit an AS/400 and they are still using it on
the newer IBM i. Now we have web interfaces, network shares,
Client/Server based software, FTP access, file transfer stuff, direct
access to Excel and a host of other interfaces. And none of them limit
SALLY to just one connection at a time. Only the 5250 text based
interface does.

Respect the auditors intention. They want to keep SALLY from sharing her
userid and password with others in the office. That's a noble goal.
However you want to respect SALLY's wish to be productive. The compromise
is to NOT use QLMTDEVSSN and instead to use a telnet exit point, or, an
"initial program" for the user profile to see if the user is currently
active on any other 5250 session from a different IP address. There are
quite simple ways to accomplish this.

Understand?


Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.