Gateway servers

Your system may participate in a network with an intermediate or gateway server between the iSeries™ system and the PCs.

For example, your iSeries system might be attached to a LAN with a PC server that has PCs that are attached to the server. The security issues in this situation depend on the capabilities of the software that is running on the gateway server.With some software, your iSeries system will not know about any users (such as USERA or USERC) who are downstream from the gateway server. The server will sign on to the system as a single user (USERGTW). It will use the USERGTW user ID to handle all requests from downstream users. A request from USERA will look to the server like a request from user USERGTW.

If this is the case, you must rely on the gateway server for security enforcement. You must understand and manage the security capabilities of the gateway server. From an iSeries server perspective, every user has the same authority as the user ID that the gateway server uses to start the session. You might think of this as equivalent to running a program that adopts authority and provides a command line.

With other software, the gateway server passes requests from individual users to iSeries servers. The iSeries server knows that USERA is requesting access to a particular object. The gateway is almost transparent to the system.

If your system is in a network that has gateway servers, you need to evaluate how much authority to provide to the user IDs that are used by the gateway servers. You also need to understand the following: