46 lines
4.1 KiB
HTML
46 lines
4.1 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="concept" />
|
|
<meta name="DC.Title" content="Gateway servers" />
|
|
<meta name="abstract" content="Your system may participate in a network with an intermediate or gateway server between the iSeries system and the PCs." />
|
|
<meta name="description" content="Your system may participate in a network with an intermediate or gateway server between the iSeries system and the PCs." />
|
|
<meta name="DC.Relation" scheme="URI" content="rzamvsecstation.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="resgateway" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Gateway servers</title>
|
|
</head>
|
|
<body id="resgateway"><a name="resgateway"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Gateway servers</h1>
|
|
<div><p>Your system may participate in a network with an intermediate or gateway server between the iSeries™ system and the PCs.</p>
|
|
<p> For example, your iSeries system might be attached to a LAN with a PC server that has PCs that are attached to the server. The security issues in this situation depend on the capabilities of the software that is running on the gateway server.With some software, your iSeries system will not know about any users (such as USERA or USERC) who are downstream from the gateway server. The server will sign on to the system as a single user (USERGTW). It will use the USERGTW user ID to handle all requests from downstream users. A request from USERA will look to the server like a request from user USERGTW.</p>
|
|
<p>If this is the case, you must rely on the gateway server for security enforcement. You must understand and manage the security capabilities of the gateway server. From an iSeries server perspective, every user has the same authority as the user ID that the gateway server uses to start the session. You might think of this as equivalent to running a program that adopts authority and provides a command line.</p>
|
|
<p>With other software, the gateway server passes requests from individual users to iSeries servers. The iSeries server knows that USERA is requesting access to a particular object. The gateway is almost transparent to the system.</p>
|
|
<div class="p">If your system is in a network that has gateway servers, you need to evaluate how much authority to provide to the user IDs that are used by the gateway servers. You also need to understand the following:<ul><li>The security mechanisms that the gateway servers enforce.</li>
|
|
<li>How downstream users will appear to your iSeries system.</li>
|
|
</ul>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvsecstation.htm" title="After you secure printer output, you should secure your workstations. You authorize workstations just like you authorize other objects on the system. Use the EDTOBJAUT command to give users authority to workstations.">Secure your workstations</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |