Restricting privileged users to specific devices and limiting sign-on attempts

 

The sign-on system values are used both to restrict the devices to which a user can sign on and to define the number of system sign-on attempts allowed.

 

Restricting privileged users to specific devices

The i5/OS® licensed program uses the sign-on system values to restrict or limit the devices to which a user can sign on. All object special authority (*ALLOBJ) allows the user to access any of the resources on the system. Service special authority (*SERVICE) allows the user to perform specific service functions on the system. For example, a user with this type of authority can debug a program and perform display and alter service functions. To set these values using iSeries™ Navigator, follow these steps:

  1. Select your system > Network > Servers > TCP/IP.

  2. In the right pane, right-click Telnet and select Properties.

  3. On the Telnet Properties - System Sign-On page, select the following options:

    • Restrict privileged users to specific devices. This selection indicates that all users with all object (*ALLOBJ) and service (*SERVICE) special authority need explicit authority to specific workstations.

    • Limit each user to one device session. This selection indicates that a user can sign on only at one workstation. This does not prevent the user from using group jobs or making a system request at the workstation. Limiting each user to one session reduces the likelihood of sharing passwords and leaving devices unattended.

 

Limiting sign-on attempts

Use the sign-on system values to define the number of system sign-on attempts allowed. The number of Telnet sign-on attempts allowed increases if you have virtual devices automatically configured. To set these values, follow these steps:

  1. In iSeries Navigator, select your system > Network > Servers > TCP/IP.

  2. In the right pane, right-click Telnet and select Properties.

  3. On the Telnet Properties page, click the System Sign-On tab.

  4. On the Telnet Properties - System Sign-On page, you can specify the number of sign-on attempts allowed and the action to take if the maximum number of sign-on attempts is reached.

  5. Click the Remote tab.

  6. On the Telnet Properties - Remote Sign-On page, select an option for Use Telnet for remote sign-on. The options are:

    • Always display sign-on - All remote sign-on sessions are required to go through normal sign-on processing.

    • Allow sign-on to be bypassed - The system allows the user to bypass the sign-on panel. The user is still signed on to the system, but the sign-on panel is not displayed.

    If Use Pass-through for remote sign-on is enabled, the options are selected automatically based on the settings you specify for Use Pass-through for remote sign-on. Telnet is still available for remote sign-ons if you select Pass-through.
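The check below is an added example, not IBM code: it audits the system values behind the two procedures above and shows how automatic virtual device configuration raises the number of Telnet sign-on attempts. The system value names (QLMTSECOFR, QLMTDEVSSN, QMAXSIGN, QRMTSIGN, QAUTOVRT) are IBM i names that this page does not spell out. The baseline, the attempt budget, and the model of the ceiling as QMAXSIGN multiplied by QAUTOVRT are assumptions, and the sample values are constructed.

```python
# Added example, not IBM code. System value names are IBM i names that the
# page does not spell out; the sample values at the bottom are constructed.

def telnet_attempt_ceiling(sysvals):
    """Upper bound on Telnet sign-on attempts, or None if unbounded.

    Assumed model: every automatically configured virtual device gets its
    own QMAXSIGN attempts, so the ceiling is QMAXSIGN * QAUTOVRT. A QAUTOVRT
    of 0 is counted as one device (manually created devices are ignored).
    """
    max_sign, auto_virt = sysvals["QMAXSIGN"], sysvals["QAUTOVRT"]
    if "*NOMAX" in (max_sign, auto_virt):
        return None
    return int(max_sign) * max(int(auto_virt), 1)


def audit_signon(sysvals, attempt_budget=15):
    """Return (system value, finding) pairs that miss the assumed baseline."""
    findings = []
    if sysvals["QLMTSECOFR"] != "1":
        findings.append(("QLMTSECOFR",
                         "*ALLOBJ/*SERVICE users may sign on at any device"))
    if sysvals["QLMTDEVSSN"] != "1":
        findings.append(("QLMTDEVSSN", "users may hold several device sessions"))
    # *SAMEPRF and *VERIFY are the values that let the sign-on panel be bypassed.
    if sysvals["QRMTSIGN"] in ("*SAMEPRF", "*VERIFY"):
        findings.append(("QRMTSIGN", "remote sign-on panel can be bypassed"))
    ceiling = telnet_attempt_ceiling(sysvals)
    if ceiling is None or ceiling > attempt_budget:
        shown = "unlimited" if ceiling is None else str(ceiling)
        findings.append(("QMAXSIGN", f"{shown} Telnet attempts exceed "
                                     f"the budget of {attempt_budget}"))
    return findings


# Constructed sample values, not taken from a real system.
PERMISSIVE = {"QLMTSECOFR": "0", "QLMTDEVSSN": "0", "QMAXSIGN": "3",
              "QRMTSIGN": "*SAMEPRF", "QAUTOVRT": "200"}
RESTRICTED = {"QLMTSECOFR": "1", "QLMTDEVSSN": "1", "QMAXSIGN": "3",
              "QRMTSIGN": "*FRCSIGNON", "QAUTOVRT": "5"}

if __name__ == "__main__":
    for name, values in (("permissive", PERMISSIVE), ("restricted", RESTRICTED)):
        print(name, "ceiling:", telnet_attempt_ceiling(values))
        for sysval, finding in audit_signon(values):
            print(f"  {sysval}: {finding}")
```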

 
