ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvqrmtsign.htm

146 lines
8.1 KiB
HTML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Remote signon control" />
<meta name="abstract" content="The remote signon control system value determines whether your system will require users to sign on when they request a passthrough or Telnet session from another server." />
<meta name="description" content="The remote signon control system value determines whether your system will require users to sign on when they request a passthrough or Telnet session from another server." />
<meta name="DC.Relation" scheme="URI" content="rzamvplansyslvlsec.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="qrmtsign" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Remote signon control</title>
</head>
<body id="qrmtsign"><a name="qrmtsign"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Remote signon control</h1>
<div><p>The remote signon control system value determines whether your
system will require users to sign on when they request a passthrough or Telnet
session from another server.</p>
<p>See <a href="#qrmtsign__quickref">Quick reference</a> table
for an overview of the remote signon control system value.</p>
<div class="p">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Possible values for the remote signon control
system value</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e27">iSeries™ Navigator </th>
<th valign="bottom" id="d0e31">Character-based interface</th>
<th valign="bottom" id="d0e33">Description</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e27 ">Always display signon</td>
<td valign="top" headers="d0e31 ">*FRCSIGNON</td>
<td valign="top" headers="d0e33 ">Remote signon requests must go through the normal signon
process.</td>
</tr>
<tr><td valign="top" headers="d0e27 ">Source and target user IDs must match</td>
<td valign="top" headers="d0e31 ">*SAMEPRF</td>
<td valign="top" headers="d0e33 ">When the source and target user profile names are the
same, the signon display may be bypassed if automatic signon is requested.
Password verification occurs before the target pass-through program is used.
If a password that is not valid is sent on an automatic signon attempt, the
pass-through session always ends and an error message is sent to the user.
However, if the profile names are different, this value indicates that the
session ends with a security failure even if the user entered a valid password
for the remote user profile.</td>
</tr>
<tr><td valign="top" headers="d0e27 ">Verify user ID on target system</td>
<td valign="top" headers="d0e31 "> *VERIFY </td>
<td valign="top" headers="d0e33 ">This value allows you to bypass the signon display of
the target system if valid security information is sent with the automatic
signon request. If the password is not valid for the specified target user
profile, the pass-through session ends with a security failure.</td>
</tr>
<tr><td valign="top" headers="d0e27 ">Reject remote signons</td>
<td valign="top" headers="d0e31 ">*REJECT</td>
<td valign="top" headers="d0e33 ">No remote signon is permitted. For TELNET access, no
action is taken if this value is specified.</td>
</tr>
<tr><td valign="top" headers="d0e27 ">Invoke user-written exit program</td>
<td valign="top" headers="d0e31 "><em>program-name library-name </em></td>
<td valign="top" headers="d0e33 ">The program specified runs at the start and end of every
pass-through session.</td>
</tr>
</tbody>
</table>
</div>
</div>
<p><strong>Relationship to security policy</strong></p>
<p>For your security policy you need to know how users and systems require
access to resources before determining the setting for this security value.
For instance, if your employees use iSeries Access for Windows<sup>®</sup>,
it is recommended that you set this system value to require normal signon
procedures or force that signon on both the source and target systems be the
same. For user who do not use iSeries Access, you can reject remote
signon.</p>
<div class="p">
<div class="tablenoborder"><a name="qrmtsign__quickref"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="qrmtsign__quickref" frame="border" border="1" rules="all"><caption>Table 2. Quick Reference. Provides details
for the remote signon control system value.</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e99">iSeries Navigator name</th>
<th valign="bottom" id="d0e103">Remote signon</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e99 ">Character-based interface name</td>
<td valign="top" headers="d0e103 ">QRMTSIGN</td>
</tr>
<tr><td valign="top" headers="d0e99 ">Authority</td>
<td valign="top" headers="d0e103 "><p>All object access (*ALLOBJ)<br />
Security administrator (*SECADM)</p>
<div class="note"><span class="notetitle">Note:</span> The Security Officer (QSECOFR) user profile is shipped with
these authorities. </div>
</td>
</tr>
<tr><td valign="top" headers="d0e99 ">How to access</td>
<td valign="top" headers="d0e103 "><div class="p"><strong>iSeries Navigator</strong><ol><li>Expand <span class="menucascade"><span class="uicontrol">Security</span> &gt; <span class="uicontrol">Policies</span></span>.</li>
<li>Right click <strong>Signon Policy</strong> and select <strong>Properties</strong>.</li>
<li>On the <strong>Remote</strong> page, you will find the option for remote signon
control.</li>
</ol>
</div>
<div class="p"><strong>Character-based interface</strong><ol><li>In the character-based interface, type <samp class="codeph">WRKSYSVAL QRMTSIGN</samp>.</li>
</ol>
</div>
</td>
</tr>
<tr><td valign="top" headers="d0e99 ">Changes take effect</td>
<td valign="top" headers="d0e103 ">Immediately</td>
</tr>
<tr><td valign="top" headers="d0e99 ">Default value</td>
<td valign="top" headers="d0e103 ">Deselected</td>
</tr>
<tr><td valign="top" headers="d0e99 ">Recommended value</td>
<td valign="top" headers="d0e103 ">Selected</td>
</tr>
<tr><td valign="top" headers="d0e99 "><a href="rzamvlockdown.htm">Lockable</a></td>
<td valign="top" headers="d0e103 ">Yes</td>
</tr>
<tr><td valign="top" headers="d0e99 ">Special considerations </td>
<td valign="top" headers="d0e103 ">If you do not want to allow any pass-through or access
to iSeries Access,
set this value to reject all remote signons.</td>
</tr>
</tbody>
</table>
</div>
</div>
<p>For more in-depth information about this security value, see Chapter 3, <span class="q">"Security
System Values"</span> in <a href="../books/sc415302.pdf" target="_blank">Security Reference</a>. </p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplansyslvlsec.htm" title="System security entails controlling user access and their privileges, maintaining information integrity, monitoring processes and access, auditing system functions, and providing backup and recovery of security related information.">Plan system security</a></div>
</div>
</div>
</body>
</html>