MC Press Online Forum
TOPIC: iSeries Access bypass signon for 5250 session
#1624
Rene Perry (User)
iSeries Access bypass signon for 5250 session 1 Year, 4 Months ago
I'm a contractor on site at a client who instructs their desktop support personnel how to configure 5250 sessions for their telnet connection to their iSeries. They are instructing these folks to click the option "bypass signon", stating concerns that if they don't, the password in the first signon prompt (not the actual 5250 session) will be sent unencrypted. Can anyone confirm this information for me?
 
#1625
Guest.Visitor (Visitor)

iSeries Access bypass signon for 5250 session 1 Year, 4 Months ago  
Rene Perry wrote:
> I'm a contractor on site at a client who instructs their desktop
> support personnel how to configure 5250 sessions for their telnet
> connection to their iSeries. They are instructing these folks to
> click the option "bypass signon", stating concerns that if they
> don't, the password in the first signon prompt (not the actual 5250
> session) will be sent unencrypted. Can anyone confirm this
> information for me?

Rene,

According to this page, they are mostly correct:

http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/rzamv/rzamvresworkstationpwd.htm

"Security exposure: For 5250 emulation or any other type of interactive
session, the Sign On display is the same as any other display. Although the
password is not displayed on the screen when it is typed, the password is
sent over the link in unencrypted form just like any other data field. For
some types of links, this may provide the opportunity for a would-be
intruder to monitor the link and to detect a user ID and password.
Monitoring a link by using electronic equipment is often referred to as
sniffing. Beginning with V4R4, you can use secure sockets layer (SSL) to
encrypt communication between iSeries Access and the iSeries server. This
protects your data, including passwords, from sniffing.

When you choose the option to bypass the Sign On display, the PC encrypts
the password before it is sent. Encryption avoids the possibility of having
a password stolen by sniffing. However, you must ensure that your PC users
practice operational security. An unattended PC with an active session to
the iSeries system provides the opportunity for someone to start another
session without knowing a user ID and password. PCs should be set up to
lock when the system is inactive for an extended period, and they should
require a password to resume the session."

Bill
 