ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaiw_5.4.0.1/rzaiwqlmtsecofr.htm


2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Restrict privileged users to specific devices and limit sign-on attempts" />
<meta name="abstract" content="The sign-on system values are used to both restrict or limit the devices to which a user can sign on and to define the number of system sign-on attempts allowed." />
<meta name="description" content="The sign-on system values are used to both restrict or limit the devices to which a user can sign on and to define the number of system sign-on attempts allowed." />
<meta name="DC.Relation" scheme="URI" content="rzaiwconfigtelsrvr.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiwnamdev.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiwrzaiwtimeout.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzakz/rzakzsignoverview.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaiwqlmtsecofr" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Restrict privileged users to specific devices and limit sign-on attempts</title>
</head>
<body id="rzaiwqlmtsecofr"><a name="rzaiwqlmtsecofr"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Restrict privileged users to specific devices and limit sign-on attempts</h1>
<div><p>The sign-on system values both restrict the devices to which a user
can sign on and define the number of system sign-on attempts allowed.</p>
<div class="section" xml:lang="en-us" id="rzaiwqlmtsecofr__restrictdevices"><a name="rzaiwqlmtsecofr__restrictdevices"><!-- --></a><h4 class="sectiontitle">Restrict privileged
users to specific devices</h4><p>The i5/OS<sup>®</sup> licensed program uses the sign-on
system values to restrict or limit the devices to which a user can sign on. <em>All
object authority</em> (*ALLOBJ) allows the user to access any of the resources
on the system. <em>Service special authority</em> (*SERVICE) allows the user
to perform specific service functions on the system. For example, a user
with this type of authority can debug a program
and perform display and alter service functions. To set these values using iSeries™ Navigator,
follow these steps:</p>
<ol><li>Select <span class="menucascade"><span class="uicontrol">your iSeries server</span> &gt; <span class="uicontrol">Network</span> &gt; <span class="uicontrol">Servers</span> &gt; <span class="uicontrol">TCP/IP</span></span>.</li>
<li>In the right pane, right-click <span class="uicontrol">Telnet</span> and select <span class="uicontrol">Properties</span>.</li>
<li>On the Telnet Properties - System Sign-On page, select the following options:<ul><li><span class="uicontrol">Restrict privileged users to specific devices.</span> This
selection indicates that all users with all object (*ALLOBJ) and service (*SERVICE)
special authority need explicit authority to specific workstations.</li>
<li> <span class="uicontrol">Limit each user to one device session.</span> This selection
indicates that a user can sign on only at one workstation. This does not prevent
the user from using group jobs or making a system request at the workstation.
This reduces the likelihood of sharing passwords and leaving devices unattended.</li>
</ul>
</li>
</ol>
</div>
<div class="section" xml:lang="en-us" id="rzaiwqlmtsecofr__limitsignonattempts"><a name="rzaiwqlmtsecofr__limitsignonattempts"><!-- --></a><h4 class="sectiontitle">Limit sign-on attempts</h4><p>Use
the sign-on system values to define the number of system sign-on attempts
allowed. The number of Telnet sign-on attempts allowed increases if you have
virtual devices automatically configured. To set these values, follow these
steps:</p>
<ol><li>In iSeries Navigator,
select <span class="menucascade"><span class="uicontrol">your iSeries server</span> &gt; <span class="uicontrol">Network</span> &gt; <span class="uicontrol">Servers</span> &gt; <span class="uicontrol">TCP/IP</span></span>.</li>
<li>In the right pane, right-click <span class="uicontrol">Telnet</span> and select <span class="uicontrol">Properties</span>.</li>
<li>On the Telnet Properties page, click the <span class="uicontrol">System Sign-On</span> tab.</li>
<li>On the Telnet Properties - System Sign-On page, you can specify the number
of sign-on attempts allowed and the action to take if the maximum number of
sign-on attempts is reached.</li>
<li>Click the <span class="uicontrol">Remote</span> tab.</li>
<li>On the Telnet Properties - Remote Sign-On page, select an option for <span class="uicontrol">Use
Telnet for remote sign-on</span>. The options are:<ul><li><span class="uicontrol">Always display sign-on</span> - All remote sign-on sessions
are required to go through normal sign-on processing.</li>
<li><span class="uicontrol">Allow sign-on to be bypassed</span> - The system allows
the user to bypass the sign-on panel. The user is still signed on to the system,
but the sign-on panel is not displayed.</li>
</ul>
<div class="note"><span class="notetitle">Note:</span> If Use Pass-through for remote sign-on is enabled, the options
are selected automatically based on the settings you specify for Use Pass-through
for remote sign-on. Telnet is still available for remote sign-ons if you select
Pass-through.</div>
</li>
</ol>
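<p>The following CL commands are an added example, not part of the original IBM topic. They show the system values assumed to sit behind the Navigator options in both procedures above, with each current value displayed before it is tightened. The option-to-system-value mapping, the chosen limits, the device name ADMINDSP01 and the user profile SECADMIN1 are assumptions for illustration.</p>

```cl
/* Added example. Run from a profile with *ALLOBJ and *SECADM         */
/* special authority. Display each value first to record the          */
/* "before" state.                                                    */

/* Restrict privileged users to specific devices (assumed QLMTSECOFR) */
DSPSYSVAL SYSVAL(QLMTSECOFR)
/* Grant the explicit device authority BEFORE enabling the limit so   */
/* the administrator is not locked out. Names are hypothetical.       */
GRTOBJAUT OBJ(QSYS/ADMINDSP01) OBJTYPE(*DEVD) USER(SECADMIN1) +
          AUT(*CHANGE)
CHGSYSVAL SYSVAL(QLMTSECOFR) VALUE('1')

/* Limit each user to one device session (assumed QLMTDEVSSN)         */
DSPSYSVAL SYSVAL(QLMTDEVSSN)
CHGSYSVAL SYSVAL(QLMTDEVSSN) VALUE('1')

/* Number of sign-on attempts allowed (assumed QMAXSIGN).             */
/* A value of *NOMAX would leave password guessing unthrottled.       */
DSPSYSVAL SYSVAL(QMAXSIGN)
CHGSYSVAL SYSVAL(QMAXSIGN) VALUE('3')

/* Action when the maximum is reached (assumed QMAXSGNACN):           */
/* '1' = disable device, '2' = disable profile, '3' = both            */
DSPSYSVAL SYSVAL(QMAXSGNACN)
CHGSYSVAL SYSVAL(QMAXSGNACN) VALUE('3')

/* Automatically configured virtual devices (QAUTOVRT) multiply the   */
/* attempts available over Telnet, because the limit is counted per   */
/* device. Review this value together with QMAXSIGN.                  */
DSPSYSVAL SYSVAL(QAUTOVRT)

/* Always display sign-on for remote sessions (assumed QRMTSIGN)      */
DSPSYSVAL SYSVAL(QRMTSIGN)
CHGSYSVAL SYSVAL(QRMTSIGN) VALUE('*FRCSIGNON')
```

<p>System value changes are written to the security audit journal when auditing is active, so the same list doubles as a checklist for reviewing who changed these settings and when.</p>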
<p><strong>What to do next:</strong></p>
<p>Set the session keep-alive parameter</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiwconfigtelsrvr.htm" title="This topic shows you how to configure your Telnet server for various emulation types.">Configure the Telnet server</a></div>
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzaiwnamdev.htm" title="You can read this topic for instructions on configuring the number of virtual devices for the Telnet server and limiting the number of signon attempts allowed.">Set the number of virtual devices</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzaiwrzaiwtimeout.htm" title="You can set the maximum idle time that the TCP protocol will allow before sending a probe to test for an inactive session using the TCP keep-alive parameter.">Set the session keep-alive parameter</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="../rzakz/rzakzsignoverview.htm">Sign-on system values</a></div>
</div>
</div>
</body>
</html>