64 lines
3.6 KiB
HTML
64 lines
3.6 KiB
HTML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="dc.language" scheme="rfc1766" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<meta name="dc.date" scheme="iso8601" content="2005-10-03" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow"/>
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<title>Create a session endpoint filter</title>
|
|
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
|
|
<link rel="stylesheet" type="text/css" href="ic.css" />
|
|
</head>
|
|
<body>
|
|
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
|
|
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
|
|
|
|
|
|
<a name="epsf1"></a>
|
|
<h4 id="epsf1">Create a session endpoint filter</h4>
|
|
<p>The following are two different methods for creating a session endpoint
|
|
filter on the CHICAGO system in the figure below. They must satisfy the following
|
|
requirements:</p>
|
|
<ul>
|
|
<li>Only the FINANCE location can establish a session with the PAYROLL location.</li>
|
|
<li>The CHICAGO location can communicate with any USANET location except PAYROLL.</li>
|
|
<li>The CHICAGO location can communicate with LONDON.</li></ul>
|
|
<a name="appnnetc"></a>
|
|
<div class="fignone" id="appnnetc"><span class="figcap">Figure 12. Two connected APPN networks</span>
|
|
<div class="mmobj">
|
|
<img src="rv4n400.gif" alt="Two connected APPN networks" /></div></div>
|
|
<ul>
|
|
<li><span class="bold">Using the QAPPNSSN and QAPPNRMT configuration lists together:</span>
|
|
<p>The most secure method for creating a session endpoint filter is to
|
|
use the QAPPNSSN configuration list and the QAPPNRMT configuration list together.
|
|
The QAPPNRMT configuration list provides password security between systems,
|
|
which helps to protect from an imposter system (a system or user that is pretending
|
|
to be another system).</p>
|
|
<p>When you use this method, you create the QAPPNSSN
|
|
configuration list that does not specify any remote locations. It points to
|
|
the QAPPNRMT configuration list.</p>
|
|
<p>The drawback to this method is that
|
|
you must explicitly define each location pair on the QAPPNRMT configuration
|
|
list. If you want the CHICAGO location (which is on the same system as the
|
|
PAYROLL location) to communicate with other locations, you need to add an
|
|
entry for each pair.</p></li>
|
|
<li><span class="bold">Using the QAPPNSSN configuration list by itself:</span>
|
|
<p>When you specify remote locations in the QAPPNSSN configuration list, your
|
|
configuration task is simpler because you can use generic names and wildcard
|
|
entries. However, when you use this method, you do not have the protection
|
|
of password verification between locations. In addition, when you use generic
|
|
names and wildcards, the system might accept or reject requests in a different
|
|
way than you intended.</p></li></ul>
|
|
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
|
|
</body>
|
|
</html>
|