The remote signon control system value determines whether your system will require users to sign on when they request a passthrough or Telnet session from another server.
See Quick reference table for an overview of the remote signon control system value.
| iSeries™ Navigator | Character-based interface | Description |
|---|---|---|
| Always display signon | *FRCSIGNON | Remote signon requests must go through the normal signon process. |
| Source and target user IDs must match | *SAMEPRF | When the source and target user profile names are the same, the signon display may be bypassed if automatic signon is requested. Password verification occurs before the target pass-through program is used. If a password that is not valid is sent on an automatic signon attempt, the pass-through session always ends and an error message is sent to the user. However, if the profile names are different, this value indicates that the session ends with a security failure even if the user entered a valid password for the remote user profile. |
| Verify user ID on target system | *VERIFY | This value allows you to bypass the signon display of the target system if valid security information is sent with the automatic signon request. If the password is not valid for the specified target user profile, the pass-through session ends with a security failure. |
| Reject remote signons | *REJECT | No remote signon is permitted. For TELNET access, no action is taken if this value is specified. |
| Invoke user-written exit program | program-name library-name | The program specified runs at the start and end of every pass-through session. |
Relationship to security policy
For your security policy you need to know how users and systems require access to resources before determining the setting for this security value. For instance, if your employees use iSeries Access for Windows®, it is recommended that you set this system value to require normal signon procedures or force that signon on both the source and target systems be the same. For user who do not use iSeries Access, you can reject remote signon.
| iSeries Navigator name | Remote signon |
|---|---|
| Character-based interface name | QRMTSIGN |
| Authority | All object access (*ALLOBJ) Note: The Security Officer (QSECOFR) user profile is shipped with
these authorities.
|
| How to access | iSeries Navigator
Character-based interface
|
| Changes take effect | Immediately |
| Default value | Deselected |
| Recommended value | Selected |
| Lockable | Yes |
| Special considerations | If you do not want to allow any pass-through or access to iSeries Access, set this value to reject all remote signons. |
For more in-depth information about this security value, see Chapter 3, "Security System Values" in Security Reference.