ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahj_5.4.0.1/rzahjepsf1.htm

64 lines
3.6 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-10-03" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Create a session endpoint filter</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<a name="epsf1"></a>
<h4 id="epsf1">Create a session endpoint filter</h4>
<p>The following are two different methods for creating a session endpoint
filter on the CHICAGO system in the figure below. They must satisfy the following
requirements:</p>
<ul>
<li>Only the FINANCE location can establish a session with the PAYROLL location.</li>
<li>The CHICAGO location can communicate with any USANET location except PAYROLL.</li>
<li>The CHICAGO location can communicate with LONDON.</li></ul>
<a name="appnnetc"></a>
<div class="fignone" id="appnnetc"><span class="figcap">Figure 12. Two connected APPN networks</span>
<div class="mmobj">
<img src="rv4n400.gif" alt="Two connected APPN networks" /></div></div>
<ul>
<li><span class="bold">Using the QAPPNSSN and QAPPNRMT configuration lists together:</span>
<p>The most secure method for creating a session endpoint filter is to
use the QAPPNSSN configuration list and the QAPPNRMT configuration list together.
The QAPPNRMT configuration list provides password security between systems,
which helps to protect from an imposter system (a system or user that is pretending
to be another system).</p>
<p>When you use this method, you create the QAPPNSSN
configuration list that does not specify any remote locations. It points to
the QAPPNRMT configuration list.</p>
<p>The drawback to this method is that
you must explicitly define each location pair on the QAPPNRMT configuration
list. If you want the CHICAGO location (which is on the same system as the
PAYROLL location) to communicate with other locations, you need to add an
entry for each pair.</p></li>
<li><span class="bold">Using the QAPPNSSN configuration list by itself:</span>
<p>When you specify remote locations in the QAPPNSSN configuration list, your
configuration task is simpler because you can use generic names and wildcard
entries. However, when you use this method, you do not have the protection
of password verification between locations. In addition, when you use generic
names and wildcards, the system might accept or reject requests in a different
way than you intended.</p></li></ul>
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>