IBM AS/400e Computer Hardware User Manual


 
Step 3—VTxxx—Setting the QLMTSECOFR Value
The OS/400 licensed program supports the limit security officer (QLMTSECOFR)
system value, which limits the devices the security officer can sign on to. If the
QLMTSECOFR value is greater than zero, the security officer must be authorized to
use the virtual device descriptions. However, when this value is 0, the system does
not limit the devices users with *ALLOBJ or *SERVICE special authority can sign on
to.
On AS/400 systems with a QSECURITY value of 30 or greater, a user with security
officer authority (*ALLOBJ) must be authorized to use devices before the system
allows the user to use those devices. For example, each display device that a
security officer wants to sign on to (local, remote, or virtual), must have had the
following authority specified with the Grant Object Authority (GRTOBJAUT)
command:
GRTOBJAUT OBJ(display_name) OBJTYPE(*DEVD)
AUT(*CHANGE) USER(QSECOFR)
This procedure is very important because Telnet automatically configures virtual
devices. If the QLMTSECOFR value is set to 0, all devices automatically configured
by Telnet can be used by the security officer. If you set the QLMTSECOFR value to
1, your security officer is not able to use the virtual devices created by Telnet unless
you grant object authority to the security officer for that virtual device. The automatic
configuration support can delete and re-create the virtual device. If this occurs,
authority must be granted to the security officer each time the virtual device is
created.
Step 4—VTxxx—Working with Associated System Values
In addition to the QAUTOVRT and QLMTSECOFR, the following system values are
available for you to work with from the Configure TCP/IP Telnet (CFGTCPTELN)
menu:
v QINACTITV: Inactive job time-out
v QINACTMSGQ: Inactive job message queue
v QLMTDEVSSN: Limit device sessions
v QMAXSGNACN: Action to take for failed sign-on attempts
v QMAXSIGN: Maximum sign-on attempts allowed
v QRMTSIGN: Remote sign-on control
v QDEVRCYACN: Device I/O error action
v QDSCJOBITV: Time interval before disconnected jobs end
Figure 124 on page 197 shows the Configure TCP/IP Telnet (CFGTCPTELN) menu.
Setting the Telnet Timemark Timeout Value:
You should also take into
consideration the TIMMRKTIMO parameter.
The Telnet timemark timeout (TIMMRKTIMO) parameter specifies the number of
seconds between TIMEMARK commands sent by the Telnet server. If Telnet is
unable to send the TIMEMARK command, it closes the connection.
Chapter 6. Telnet Server 199
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|