Step 3—VTxxx—Setting the QLMTSECOFR Value
The OS/400 licensed program supports the limit security officer (QLMTSECOFR)
system value, which limits the devices the security officer can sign on to. If the
QLMTSECOFR value is greater than zero, the security officer must be authorized to
use the virtual device descriptions. However, when this value is 0, the system does
not limit the devices users with *ALLOBJ or *SERVICE special authority can sign on
to.
On AS/400 systems with a QSECURITY value of 30 or greater,a user with security
officer authority (*ALLOBJ) must be authorized to use devices before the system
allows the user to use those devices. For example, each display device that a
security officer wants to sign on to (local, remote, or virtual), must have had the
following authority specified with the Grant Object Authority (GRTOBJAUT)
command:
GRTOBJAUT OBJ(display_name) OBJTYPE(*DEVD)
AUT(*CHANGE) USER(QSECOFR)
This procedure is very important because Telnetautomatically configures virtual
devices. If the QLMTSECOFR value is set to 0, all devices automatically configured
by Telnetcan be used by the security officer. If you set the QLMTSECOFR value to
1, your security officer is not able to use the virtual devices created by Telnetunless
you grant object authority to the security officer for that virtual device. The automatic
configuration support can delete and re-create the virtual device. If this occurs,
authority must be granted to the security officer each time the virtual device is
created.
Step 4—VTxxx—Working with Associated System Values
In addition to the QAUTOVRT and QLMTSECOFR, the following system values are
available for you to work with from the Configure TCP/IP Telnet(CFGTCPTELN)
menu:
vQINACTITV: Inactive job time-out
vQINACTMSGQ: Inactive job message queue
vQLMTDEVSSN: Limit device sessions
vQMAXSGNACN: Action to take for failed sign-on attempts
vQMAXSIGN: Maximum sign-on attempts allowed
vQRMTSIGN: Remote sign-on control
vQDEVRCYACN: Device I/O error action
vQDSCJOBITV: Timeinterval before disconnected jobs end
Figure 124on page 197 shows the Configure TCP/IP Telnet (CFGTCPTELN) menu.
Setting the Telnet Timemark Timeout Value:
Youshould also take into
consideration the TIMMRKTIMO parameter.
The Telnettimemark timeout (TIMMRKTIMO) parameter specifies the number of
seconds between TIMEMARK commands sent by the Telnetserver. If Telnet is
unable to send the TIMEMARK command, it closes the connection.
Chapter6. TelnetServer 199
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|