<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Server logon exit point" />
<meta name="abstract" content="You can control the authentication of users to a TCP/IP application server with the TCP/IP Application Server Logon exit point." />
<meta name="description" content="You can control the authentication of users to a TCP/IP application server with the TCP/IP Application Server Logon exit point." />
<meta name="DC.Relation" scheme="URI" content="rzaiqreferenceexit.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiqexamplogoncl.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiqexamplogonc.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiqexamplogonilerpg.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiql0100.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiql0200.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiql0300.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiqextprog.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiqseccontrolaccess.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiqftpscon.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiqftpanon.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiqtroubledetermine.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaiqlepi" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Server logon exit point</title>
</head>
<body id="rzaiqlepi"><a name="rzaiqlepi"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Server logon exit point</h1>
<div><p>You can control the authentication of users to a TCP/IP application
server with the TCP/IP Application Server Logon exit point.</p>
<div class="section"><p>This exit point lets you control server access based on the originating
session's address. It also allows you to specify an initial working directory
that is different from the one in the user profile.</p>
<p>When you
add an exit program to the exit point, the server calls the logon exit program
each time a user attempts to log on. The exit program sets the return code
output parameter to indicate whether the server will continue the logon operation.
Alternate return code settings are available for processing the logon and
initializing directory information.</p>
<p>The iSeries™ exit point for FTP server logon
is:</p>
<p>QIBM_QTMF_SVR_LOGON</p>
<p>These are the three exit point formats
available:</p>
<ul><li>The TCPL0100 exit point format allows this basic logon control: <ul><li>Ability to accept or reject a logon</li>
<li>Control of the user profile, password, and current library</li>
</ul>
</li>
<li>The TCPL0200 exit point format provides additional parameters to control
the logon process, including: <ul><li>Ability to set the working directory to any directory on the system.</li>
<li>Ability to return application-specific information</li>
<li>Ability to control encryption of FTP data sent to and received from the
FTP client.</li>
</ul>
</li>
<li>The TCPL0300 exit point format extends the TCPL0200 format,
so you can use i5/OS™ enhanced
password support and the additional parameters to enable CCSID processing
for password and directory name fields. In addition, when the user for the
session has been authenticated with a client certificate, the exit program
receives the client certificate.</li>
</ul>
<div class="note"><span class="notetitle">Notes:</span> <ol><li>There can be only one exit program registered for the FTP server logon
exit point. You must decide which of the three exit point formats you want
to use.</li>
<li>For the FTP application, this exit point provides the capability to implement
anonymous FTP, including the information required to log and control access.</li>
<li>For all character parameters in exit point formats TCPL0100 and TCPL0200,
and all character parameters without an associated CCSID in exit point format
TCPL0200: Character data passed to the exit program is in the CCSID of the
job. If the job CCSID is 65535, the character data is in the default CCSID
of the job. Any character data that is returned by the exit program in these
parameters is expected to be in this same CCSID.</li>
</ol>
</div>
</div>
<div class="section"><h4 class="sectiontitle">Server logon exit program for anonymous FTP</h4><p>For
anonymous FTP, write the server logon program to perform the following functions:</p>
<ul><li>Accept logons from user ID ANONYMOUS</li>
<li>Request an e-mail address as a password. It is customary to require a
'valid e-mail address' for the password. The term is misleading because the
exit program only verifies that there is an '@' symbol in the middle of a string
of alphanumeric characters. That too is customary. This is why it is important
to log the user's IP address.</li>
<li>Check for the @ symbol in the password string.</li>
<li>Force ANONYMOUS users to your public access library only. (See return code
3 of parameter 8 for TCPL0200 Format.)</li>
</ul>
</div>
<div class="section"><h4 class="sectiontitle">What your program should include:</h4><ul><li>Exception handling</li>
<li>Debugging</li>
<li>Logging <ul><li>Log the IP address and e-mail address (sent as a password) of the FTP
requester.</li>
</ul>
</li>
</ul>
</div>
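<div class="section"><p>The anonymous logon checks and the logging item listed above, sketched as portable C. This is an added example, not IBM sample code and not part of the original topic. The name anon_logon_check, its parameter list, the LOGON_* values, the log record layout, the case-insensitive user ID match and the extra '.', '-' and '_' characters are assumptions; the real parameter list and return codes are defined by the TCPL0100, TCPL0200 and TCPL0300 formats.</p>

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed values; map them to the return codes of the exit point format in use. */
enum logon_decision { LOGON_REJECT = 0, LOGON_ANON_PUBLIC = 1 };

/* Exactly one '@' with text on both sides; other characters must be alphanumeric
   or '.', '-', '_' (an assumption), so control characters never reach the log. */
static int looks_like_email(const char *s, size_t len)
{
    size_t i, at = len;
    if (len < 3 || len > 128) return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '@') {
            if (at != len) return 0;   /* second '@' */
            at = i;
        } else if (!isalnum(c) && c != '.' && c != '-' && c != '_') {
            return 0;
        }
    }
    return at > 0 && at < len - 1;
}

/* Hypothetical helper; inputs are length-delimited, not NUL-terminated. */
enum logon_decision anon_logon_check(const char *user, size_t ulen,
        const char *pw, size_t pwlen, const char *ip, size_t iplen,
        char *logbuf, size_t logsz)
{
    static const char anon[] = "ANONYMOUS";
    size_t i;
    int ok = (ulen == sizeof anon - 1);
    for (i = 0; ok && i < ulen; i++)
        ok = (toupper((unsigned char)user[i]) == anon[i]);
    ok = ok && looks_like_email(pw, pwlen);
    /* Every attempt is logged; the password is echoed only after validation. */
    snprintf(logbuf, logsz, "FTPLOGON ip=%.*s email=%.*s result=%s",
             (int)(iplen > 45 ? 45 : iplen), ip,
             ok ? (int)pwlen : 1, ok ? pw : "-",
             ok ? "ACCEPT_PUBLIC" : "REJECT");
    return ok ? LOGON_ANON_PUBLIC : LOGON_REJECT;
}

int main(void)
{
    char rec[256];   /* constructed sample logon attempt */
    anon_logon_check("anonymous", 9, "guest@example.com", 17, "192.0.2.10", 10, rec, sizeof rec);
    return puts(rec) < 0;
}
```

</div>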
<div class="section"><h4 class="sectiontitle">Is there an exit program time-out feature?</h4><p>There
is no time-out for FTP exit programs. If the exit program has an error or
exception that it cannot handle, the FTP server will abort the session.</p>
</div>
<div class="section"><h4 class="sectiontitle">QTCP needs authority</h4><p>When the application calls
the FTP server logon exit program, the FTP server job is running under the
QTCP user profile.</p>
<p>Make sure that QTCP has sufficient authority to access
and write to any log files or other satellite files associated with the exit
programs.</p>
</div>
<div class="section"><h4 class="sectiontitle">Example programs</h4><p>Example programs are available
to help you set up anonymous FTP on your server. These examples are for illustration
purposes. They do not contain enough features to run on a production machine
as is. You can use these samples as a starting point to build your own programs
by copying portions of the sample code into programs that you write yourself.
It is recommended that you run the sample programs
on a system other than your production system.</p>
</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzaiqexamplogoncl.htm">Example: FTP server logon exit program in CL code</a></strong><br />
This is an example of a simple File Transfer Protocol (FTP) Server
Logon exit program. It is written in iSeries Command Language (CL).</li>
<li class="ulchildlink"><strong><a href="rzaiqexamplogonc.htm">Example: FTP server logon exit program in C code</a></strong><br />
This is an example of a simple File Transfer Protocol (FTP) Server Logon exit program. It is written in C programming language.</li>
<li class="ulchildlink"><strong><a href="rzaiqexamplogonilerpg.htm">Example: FTP server logon exit program in ILE RPG code</a></strong><br />
This is an example of a simple File Transfer Protocol (FTP) Server Logon exit program. It is written in ILE RPG.</li>
<li class="ulchildlink"><strong><a href="rzaiql0100.htm">TCPL0100 exit point format</a></strong><br />
</li>
<li class="ulchildlink"><strong><a href="rzaiql0200.htm">TCPL0200 exit point format</a></strong><br />
</li>
<li class="ulchildlink"><strong><a href="rzaiql0300.htm">TCPL0300 exit point format</a></strong><br />
</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiqreferenceexit.htm" title="You can use File Transfer Protocol (FTP) exit programs to secure FTP. The FTP server communicates with each exit program through a specific exit point. This topic includes parameter descriptions and code examples.">File Transfer Protocol exit programs</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzaiqseccontrolaccess.htm" title="If you are using File Transfer Protocol (FTP), you need to control users to protect your data and network. This topic offers tips and security considerations.">Control File Transfer Protocol access</a></div>
<div><a href="rzaiqftpscon.htm" title="You can use File Transfer Protocol (FTP) exit points to protect the iSeries from this topic.">Manage access using File Transfer Protocol exit programs</a></div>
<div><a href="rzaiqftpanon.htm" title="Anonymous File Transfer Protocol (FTP) enables remote users to use the FTP server without an assigned user ID and password.">Configure anonymous File Transfer Protocol</a></div>
<div><a href="rzaiqtroubledetermine.htm" title="You can view a list of steps to determine whether your Simple Mail Transfer Protocol (SMTP) is working correctly.">Determine problems with File Transfer Protocol</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="rzaiqextprog.htm" title="To use anonymous File Transfer Protocol (FTP), you need to write two exit programs: FTP Server Logon exit program and FTP Server Request Validation exit program.">Write exit programs for anonymous File Transfer Protocol</a></div>
</div>
</div>
</body>
</html>