IBM AS/400e Computer Hardware User Manual

These commands can be used in the same way to revoke or grant user authority to
almost any object on AS/400. To view which users have authority to an object, use
the EDTOBJAUT command. A user with all rights to the object can also use this
command to revoke and grant user authority to the object from a single display.
Object Security for Network Configuration
TCP/IP uses the information in the line description associated with a TCP/IP
interface to determine which communications line to use. The line description can
also be used to identify the attached network controller and the network device
objects that the TCP/IP protocol uses when the interface is started. To view or
change the line description associated with a TCP/IP interface, use option 1 (Work
with TCP/IP interfaces) from the Configure TCP/IP (CFGTCP) command.
If the network controller and network device have not been created previously,
TCP/IP uses automatic configuration support to create them when it starts an
interface that uses the line. If the network controller or device is created by
automatic configuration, *PUBLIC is granted *CHANGE authority to these
objects, so the objects are not secure.
Note: TCP/IP is an OS/400 system service and will function correctly no matter
what authority you specify for the network configuration objects it uses. Use
the GRTOBJAUT command to change the authority to access a
communications line configuration object.
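
The following CL program is an added example, not part of the IBM manual: it replaces the *PUBLIC *CHANGE authority that automatic configuration leaves on the network controller and network device with *EXCLUDE, then prints the resulting authority for review. The parameters &CTL and &DEV (the names of the automatically created controller and device descriptions) are hypothetical inputs, and *EXCLUDE is an assumed policy choice; substitute the authority your site requires.

```cl
/* Added example, not IBM-supplied code.                              */
/* &CTL and &DEV are hypothetical parameters: the names of the        */
/* network controller and network device that automatic               */
/* configuration created for the TCP/IP line.                         */
             PGM        PARM(&CTL &DEV)
             DCL        VAR(&CTL) TYPE(*CHAR) LEN(10)
             DCL        VAR(&DEV) TYPE(*CHAR) LEN(10)

/* Controller: skip it if it has not been created yet, which is the   */
/* case when no interface on the line has ever been started.          */
             CHKOBJ     OBJ(&CTL) OBJTYPE(*CTLD)
             MONMSG     MSGID(CPF9801) EXEC(GOTO CMDLBL(DEVICE))
/* Granting *EXCLUDE replaces the *CHANGE authority *PUBLIC holds.    */
             GRTOBJAUT  OBJ(&CTL) OBJTYPE(*CTLD) USER(*PUBLIC) +
                          AUT(*EXCLUDE)
/* Print the authority list so the change can be reviewed.            */
             DSPOBJAUT  OBJ(&CTL) OBJTYPE(*CTLD) OUTPUT(*PRINT)

/* Device: same check, same change.                                   */
 DEVICE:     CHKOBJ     OBJ(&DEV) OBJTYPE(*DEVD)
             MONMSG     MSGID(CPF9801) EXEC(GOTO CMDLBL(DONE))
             GRTOBJAUT  OBJ(&DEV) OBJTYPE(*DEVD) USER(*PUBLIC) +
                          AUT(*EXCLUDE)
             DSPOBJAUT  OBJ(&DEV) OBJTYPE(*DEVD) OUTPUT(*PRINT)

 DONE:       ENDPGM
```

Because the objects are created the first time an interface that uses the line is started, run the check again after adding a new line description and starting its interface.
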
The QTCPIP job that runs in the QSYSWRK subsystem will lock the network device
when any interface that uses that network device is started. This is done to prevent
the line from being varied off while a TCP/IP interface is using it. To remove the
lock held by the QTCPIP job, do one of the following:
- Use the End TCP/IP Interface (ENDTCPIFC) command to end all interfaces that
  are using the line.
- Use the End TCP/IP (ENDTCP) command to end all TCP/IP processing. This
  ends the QTCPIP job, which will end all TCP/IP interfaces.
IBM-Written Programs Security
The IBM applications shipped with TCP/IP carry out the following security features.
File Transfer Protocol (FTP)
FTP requires the user to provide a user ID and password (if the system is a secure
system). FTP also verifies that a user profile has authority to any file that is to be
transferred. You access this function through the AS/400 Start TCP/IP FTP
(STRTCPFTP) command or by connecting to the AS/400 FTP server using another
system's FTP client.
The FTP protocol definition provides no way to encrypt password information.
Note: There are three exit points provided with AS/400 FTP that allow you to set
up security and validation controls. They are described in “Appendix E.
TCP/IP Application Exit Points and Programs” on page 535.
Appendix B. TCP/IP Security 513