AS/400 on the WEB--Disallowing certain users

**David Abramowitz** · 07-24-2001 08:34 AM

Do you mean hosting a web site on the AS/400, or access to your existing AS/400 applications? Dave

Guest.Visitor · 07-24-2001 09:48 AM

At this point, only signing onto the AS/400. We want to allow certain users access, and disallow any others. This includes telnet, CA, pass-thru's, etc. Thanks!

Guest.Visitor · 07-24-2001 10:03 AM

Rick - OK, I'm confused . . . if you don't want them to have access, don't give them a user profile! Or are you trying to prevent access via the Internet but allow access through the local LAN/WAN? Steve

Guest.Visitor · 07-24-2001 10:09 AM

No, its not quite that simple. We do not want any of our existing users to remotely access our 400. For example, they go home and start a telnet session. They already have an ID and PW. I guess we want to be able to have a "filter" only allowing certain users access.

Guest.Visitor · 07-24-2001 10:27 AM

Rick - You will have a hard time correlating users and IP addresses before the user signs onto your system since you can't match user and IP address (EX: I could be at 10.10.10.1 one day and 10.10.10.100 the next depending on the address assigned by my ISP if I have a dial-up connection.) You could interogate the IP address of the user's device using the QDCRDEVD API in an initial program and boot them back to a sign-on screen if they don't match your allowed users. HTH, Steve

Guest.Visitor · 07-24-2001 10:36 AM

I think you should look at exit program. This way you can control who is allowed to login. Unfortunatly, with the internet, security is a big issu so you may want to use some form of encryption to protect the user id and password that are send in clear text if not encrypted.

Guest.Visitor · 07-24-2001 08:51 PM

We are considering allowing internet access to the AS/400. We understanding the network technologies,firewalls, etc. Where we are finding difficulties is with the AS/400 and how to allow only certain users access via pass-thrus and workstations. We have looked into QRMTSIGN, its settings, and program. We are thinking the program option may be the way to do it and have found a modifiable sample of such. We simply are not sure what to do: is this the right approach or is there another way. Anyone who has been thru this---we would appreciate you advice! Thanks!

**shawnf@o-s.net** · 07-24-2001 08:51 PM

How about native AS/400 VPN? It's free with V4R4 and on, and you are in total control about who can access the system(s) in addition to firewall policy. Shawn Fu

Thread: AS/400 on the WEB--Disallowing certain users

Thread Tools