IBM Safenet/400 инструкция обслуживания

SAFENET/400 REFERENCE GUIDE Version 8.50   2008 MP Associates of Westchester, Inc.[...]

How to contact us Direct all inquiries to: Kisco Information System s 89 Church Street Saranac Lake, New York 12983 Phone: (518) 897-5002 Fax: (518) 897-5003 SafeNet/400 Website: http://www.kisco.com/safenet SafeNet/400 Support Website: http://www.kisco.com/safenet/support Visit the SafeNet/400 Web Site at HTTP://WWW.KISCO.COM/SAFENET[...]

TABLE OF CONTENTS CHAPTER 1 - SETTING UP USERS ..................................................................................... 1.1 S ETTING THE U SER L OGGING L EVELS ......................................................................................... 1.2 S AFE N ET A DMINISTRATOR .........................................................[...]

CHAPTER 7 - TESTING YOUR SECURITY SETTINGS .................................................. 7.1 T ESTING S AFE N ET /400 SETTINGS BASED ON YOUR HISTORICAL DATA WITH THE ON - LINE TRANSACTION TESTER ................................................................................................................. 7.2 B ATCH T RANSACTION T EST R EVIE[...]

1.1 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 SafeNet/400 Reference Guide Chapter 1 - SETTING UP USERS Navigating through the screens You can perform each of the steps outlined in this chapter by using the corresponding option on the SafeNet/400 Main Menu . However, if you are setting up a [...]

1.2 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Setting the User Logging Levels The valid logging levels are: Logging Level A Log all transactions Logging Level R Log only rejected requests Logging Level N No logging As you set up your user logging levels, please keep in mind the following: ?[...]

1.3 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 SafeNet Administrator You can set up a SafeNet/400 Administrator, or ‘Super Admin’ from the SafeNet/400 Special Jobs Menu or by using the WRKSNADM command. This can also be found on the Special Jobs Menu , Option 5 – Maintain SafeNet Admin[...]

1.4 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Super Trusted User Control Under special circumstances it may be necessary to have a user that should not be checked through all the SafeNet/400 security routines. Transactions from these users can bypass the traditional S afeNet/400 security ro[...]

1.5 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Entering User Security Levels If you plan on setting any of the Server Functi ons to Level 3 or Leve l 4, and anticipate doing anything other than simply logging all re quests, the first step in configuring SafeNet/400 is to give the users autho[...]

1.6 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Type 1 in the Option column in front of each serv er th is user will have access to. If they will have access to all the server functions, select *ALL ACTIVE SERVERS To remove access to a particular se rver, remove the ‘1’ and leave the Opti[...]

1.7 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Entering User Authorities to Objects Once you have given the user access to the servers, th e next step is to ente r the level of authority the user has to objects on the System i5 if you plan on setting any of the servers to Level 4. 1. If you [...]

1.8 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 4. In the Library or Folder column, enter the name of the library or folder, then TAB to the Object or Sub-Flr column and type in the name of the object or sub-folder. Note: Allowed entries for Library or Folder  *ALLLIB  *ALLFLR [...]

1.9 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 5. For Data Rights, type an X under the appropriate level of authority. Place an X for each data right that applies. 6. For Existence Rights, type an X if this user will be able to create, delete or m ove an object. To assign EXCLUSIONS to objec[...]

1.10 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Exclusions To give all users read access to all objects in all libraries, but exclude them from any objects in the PAYROLL library, give *PUBLIC READ aut hority to the library and exclude *PUBLIC from the PAYROLL library.[...]

1.11 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 If the PAYDEPT profile needs to use objects in the PAYROLL library, grant user profile PAYDEPT READ authority to the PAYROLL library. This individua l authority overr i des the *PUBLIC authority.[...]

1.12 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Entering User Authorities to SQL Statements If you are going to set the SQL servers to Level 4 only, the next st ep is to authorize us ers to the SQL Statements they may need. 1. If you used F9 from the previous screen, skip to Step 4. 2. If yo[...]

1.13 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 If you would like to see the list of a ll users who have been defined within SafeNet/400 , press F2. 5. When finished making all your selections, ENTER . 6. Press F9 to advance to the next step - setting up user authorities to FTP statements.[...]

1.14 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Entering User Authoriti es to FTP Statements Next you must authorize users to the FTP Statemen ts they may need if you are going to set the FTP S erver or FTP Client to Level 4. 1. If you used F9 from the previous screen, continue with Step 4. [...]

1.15 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 If you would like to see the list of a ll users who have been defined within SafeNet/400 , press F2 . 5. Press F4 to display the Maintain Special FTP Settings for Users screen Note: Special FTP settings for a user are al lowed only when your sy[...]

1.16 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Name Format  *LIB indicates that the user sees stan dard Library/Object OS/400 style names  *PATH displays PC or *UNIX styl e file and directory names. List Format  *DFT user sees standard OS /400 CHGFTPA server settings ?[...]

1.17 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Entering User Authorities to CL Commands Next, if you plan on setting the FTP, DDM or Remote Command Servers to Level 4, you must authorize users to the CL commands they may need. 1. If you used F9 from the previous screen, continue with Step 4[...]

1.18 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 To remove authorization to a command, FIELD EXIT through the line to blank it out. If you would like to see the list of a ll users who have been defined within SafeNet/400 , press F2 . 5. When finished typing all the required CL commands for th[...]

1.19 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Entering Long Path Names The default SafeNet/400 setting is to use long path nam es. If you choose to not use long path name support, you must first change the SafeNet/4 00 default setting. Use the CHGSPCSET command to set the PATHL parameter t[...]

1.20 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 4. Enter the paths that the user is authorized to. Paths can be entered up to 256 positions in length, although only the first 60 positions are shown on the display. To enter and/or view a path over 60 positions lon g, enter 2 in the option col[...]

1.21 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Copying an Existing User to Set Up a New User in SafeNet/400 This will allow you to copy the authorities and settings from one user to another within SafeNet/400 . The new user profile must already exist in OS/400. 1. From the Special Jobs Menu[...]

1.22 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Maintain all Security for a User The WRKUSRSEC command, which is not found on any of the SafeNet/400 menus, gives you the ability to perform security m aintenance fo r an individual user withou t entering several different commands. When you us[...]

1.23 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Setting up Time of Day Controls If you want to exclude users from server functi ons based on the day of th e week or the tim e of day, use Time of Day controls. SafeNet/400 checks authority in the f ollowing sequence: Is the authorized to at th[...]

1.24 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 To set up the Time of Day cont rols for a specific user, use Option 2 – Work with User to Server Security from the SafeNet/400 Main Menu or the WRKUSRSRV command. Type the user profile , ENTER and then press F10 . The User Time-of-Day Mainten[...]

1.25 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 You can define up to three time ranges and can select which days to exclude by typing X in front of the day. You can also define holidays that will be used to control Time of Day access. Press F9 to display the Time of Day Holiday Maintenance s[...]

1.26 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008[...]

2.1 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Chapter 2 - SETTING UP SERVERS The final step in configuring SafeNet/400 is to enter the Security Lev e l settings for all the server functions. Important: If you do this step first and restrict acce ss to the server functi ons prior to setting [...]

2.2 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 SafeNet/400 Server Function Security Levels Level 1:  IBM default  Unlimited access, all requests accepted  Requests can be logged, reporting available  Performance impact - none Level 2:  No access at all, all requ[...]

2.3 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Level 5:  This indicates that SafeNet/400 does not recognize a program assigned to the exit point or has detected a user-defined program assigned. (Use WRKREGINF command to review existing exit point programs.)  Not supported  [...]

2.4 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Setting the Server Function Logging Levels The valid logging levels are: Logging Level A Log all transactions Logging Level R Log only rejected requests Logging Level N No logging As you set up your Server Function logging le vels, please rememb[...]

2.5 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Basic Server Security - Supported by all Servers Level 1 - IBM Default Level 2 - No access to server Intermediate Server Security - Supported by all Servers Level 3 - Users must be authorized to the server Special Level 3 - *TELNET - controls si[...]

2.6 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Recommended Server Settings Server Description Recommended Setting Central Server - client management Level 1, Log None Central Server - conversion map Level 1, Log None Central Server - license management Level 1, Log None Database Server - ent[...]

2.7 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Server Description Recommended Setting Distributed Data Management Level 3, Log All - Limit user access o r Level 4, Log All - Limit users to specific obje cts and commands DHCP Level 1, Log None DRDA DB2 Database Access Request Level 3, Log All[...]

2.8 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Server Description Recommended Setting Original Message Server Level 1, Log None Original Remote SQL S erver Level 4, Log All - Limit user access to objects and SQL statements Original Virtual Print Server Level 1, Log None PWRDWNSYS Level 1, Lo[...]

2.9 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Entering Server Function Security Levels 1. From the SafeNet/400 Main Menu select Option 1 - Work with Server Security Settings or use WRKSRV comma nd The Maintain Server Security screen is displayed. 2. Enter the level of security and the loggi[...]

2.10 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 3. When you have finished entering information for all the servers, press ENTER. The screen is refreshed and any ch anges you made are reflected in the Current columns.[...]

2.11 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Customer Exit Programs If you would like to use your own progr ams over these server exit points, F18 on the Maintain Server Security screen give s you the ability to do so. SafeNet/400 will look to see if there is a customer-written pro gram t[...]

2.12 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008[...]

3.1 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Chapter 3 - TELNET, TCP/IP ADDRESS CONTROLS Setting up TELNET TELNET control features are supported only when the server is set to Level 3. You may use some or all of the features avai lable with the TELNET server point:  Control access by[...]

3.2 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Controlling TELNET Access by IP Address 1. Set the TELNET server to Level 3 using the WRKSRV command. 2. From the SafeNet/400 Main Menu , sele ct Option 7 – Work with TCP/IP Address Security or use the WRKTCPIPA command and enter *TELNET as th[...]

3.3 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Setting the Required Password Type This field must be set if the TELNET Server is set to Level 3. You mu st enter the appropriate setting for ALL TELNET IP address controls. As of OS/400 V4R2, only a setting of 0 or 1 is available. A setting of [...]

3.4 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Allow Auto Signon 1. Use the WRKSRV command to set the TELNET server to Level 3 2. Use the WRKTCPIPA *TELNET command to enter the IP address allowed for auto signon 3. Enter the password type (0 or 1 is required) 4. Enter a Y to allow auto signo[...]

3.5 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Logging of TELNET Sessions Under normal signon conditions (no auto signon a llowed), each request for a TELNET session is logged into the transaction hist ory file (TRAPOD) by IP addre ss, and a user name of QSYS. QSYS is used because no user pr[...]

3.6 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Setting up TCP/IP Address Controls SafeNet/400 allows you to specify which client IP a ddresses are either ac cepted or rejected by the Telnet and the FTP Servers . Turning on TCP/IP Address Checking To set-up and turn on TCP/IP address checking[...]

3.7 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Setting up TCP/IP Address Control Table 1. Use SafeNet/400 Main Menu Option 7 or the WRKTCPIPA command 2. In IP Addresses for Server enter *FTPSERVER, *FTPCLIENT or *TELNET for the proper control table. 3. Type the addresses to accept or reject [...]

3.8 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008[...]

4.1 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Chapter 4 - SETTING UP FTP Anonymous FTP Logon To set up for Anonymous Logon, you must fill in the special FTP settings, and set the FTP Logon Server to Level 3 and the FTP Server Validation to Level 4. Follow these steps for FTP: 1. From the Sa[...]

4.2 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Set the parameters f or CHGFTPSET command as follows. The default value is highlighted in bold . Parameter Screen Selections Value Description RLOGON Allow Normal USERID FTP Logon *YES *NO This parameter is used to determ ine whether or not you [...]

4.3 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 GUEST Allow Anonymous GUEST Password *YES *NO To allow Anonymous user logins with the password of GUEST, enter *YES here. You can choose GUEST or use an E-mail address. Note : If you select GUEST, the System i5 still prompts an anonymous user fo[...]

4.4 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 password of *NONE and *USER for the profile type . If you do this, no one can use this profile to sign on since the password is set to *NONE. APWD Password for Above Profile pword Enter the password to be used with the profile in parameter AUSRP[...]

4.5 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Setting up for ANONYMOUS FTP Example 1. Create a user profile on the System i5 called ANONYMOUS, with password *NONE and user class *USER, and set the Current Library. 2. From the Special Jobs Menu , select Option 3 - Change Special FTP Server S[...]

4.6 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 If using long path support, use the WRKUSRPTH command to enter th e correct path or paths for ANONYMOUS. 14. Select Option 5 - Work with User to FTP Statement Security or use the WRKUSRFTP command to grant the ANONYMOUS user ID aut hority to spe[...]

4.7 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Setting up for Normal User IDs and FTP Servers Example 1. From the Special Jobs Menu select Option 3 - Change Special FTP Security Settings or use CHGFTPSET command 2. On the FTP Security Settings screen, set Allow normal user IDs to log on the [...]

4.8 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008[...]

5.1 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Chapter 5 - DHCP Controls and Reporting Dynamic Host Configuration Protocol DHCP allows clients to obtain IP network configuration, including an IP address, from a central DHCP server. DHCP servers control whether the a ddresses they provide to [...]

5.2 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Working with DHCP DHCP functions are performed from the DHCP Control and Reports Menu . From the SafeNet/400 Main Menu select Option 13 – Go To DHCP Menu The DHCP Control and Reports Menu appears. The DHCP functions provide the ability to main[...]

5.3 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Current DHCP Activity To see current status, from the DHCP menu select Option 1 – Display Current DHCP Activity This screen displays bind and release information Use function keys to switch views:  F2 switches between the Currently Active D[...]

5.4 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Move your cursor to the name you want to change in the Editable Names column. Press ENTER to record the change. To use this function make sure you are looking at the Currently Active D HCP Addresses Bound screen. Use F2 if necessary to switch. ?[...]

5.5 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Maintaining MAC Addresses From the DHCP menu selec t Option 5 – Manually Maintain MAC Addresses to User Names This operates as a standard OS/400 DFU program. Press F9 to use insert mode when editing Press F23 to delete the MAC address and name[...]

5.6 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Fixed IP Addresses To assign IP addresses to devices, from the DHCP Menu select Option 6 – Manually Maintain Permanent, Static IP Addressed Devices or us e the SNDHCPPR command Even if you are not using DHCP on your System i5, you can use this[...]

5.7 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Purging Expired DHCP Lease Information The Expired or Released DHCP address information is cum ulative and will remain in the system until you purge it. From the DHCP Menu select Option 8 – Run Purge of Expired DHCP Lease Information Enter the[...]

5.8 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Ping Checker You can use this option to ping a single IP address or a range of addresses. From the DHCP Menu select Optio n 10 – IP Address Range Ping Checker Enter the range of IP addre sses that you want to ping. Press ENTER and you will beg[...]

6.1 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Chapter 6 - REPORTS SafeNet/400 reports are grouped in to two categories:  Setup Reports provide information on server settings, us er authorities to servers and to data, etc.  Analysis Reports provide data on SafeNet/400 usage - the[...]

6.2 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Setup Reports These reports are accessed through the SafeNet/400 Main Menu, Option 11 – Go to Setup Reports Menu ( GO SN3 command) 1. Server Status Prints each Server Function and its security level setting 2. User to Server Security Listing L[...]

6.3 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Usage Reports These reports are accessed through the SafeNet/400 Main Menu, Option 12 – Go to Analysis Reports Menu ( GO SN4 command) . Menu SN4 options 2 through 7 also give you the ability to run auto-enrollment reports and perform the auto-[...]

6.4 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008[...]

7.1 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Chapter 7 - TESTING YOUR SECURITY SETTINGS Once you have planned your server function Security Level settings, SafeNet/400 gives you a method to test the settings to make sure they wi ll provide the level of secu rity you anticipate. It acts as [...]

7.2 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Testing SafeNet/400 settings based on your historical data with the on-line transaction tester This is the preferred method if you would like immediate feedback. 1. From the SafeNet/400 Main Menu select Option 10 - Go to Special Jobs/Setup Menu [...]

7.3 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 3. In the Security Levels to Check field: Type C (Current) to test tr ansactions with your present SafeNet/400 Server Security Levels Type H (Historical) to review the actual status received when the transaction was logged; no new ‘re-testing?[...]

7.4 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 4. When you press ENTER and a transaction that meets your selection criteria is found, the On- Line Transaction Testing Mode screen is displayed. This describes:  The Requested Security Level setting to check  The current Security Le[...]

7.5 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008  Additional command keys are shown when rejections are displayed. These additional command keys will allow you to work directly with the appropriate user setting based on the rejection code. 5. You can roll up or down to scroll backward an[...]

7.6 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Batch Transaction Test Review/Re port – Security Report by User You can use this batch report to test all the hi storical transactions th rough current and future control file settings. With this report you can make changes to control f iles, [...]

7.7 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 2. Select the servers to include in the report  * ALL - all servers  * DEFAULT - based on servers that were selected on Menu SN2 , Option 1 - Select Default Servers for Security Report  * SELECT - displays a list of servers to [...]

7.8 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Page Down if you would like to print the report to an output f ile. When you have finished making your selections, ENTER to submit the re port to batch.[...]

7.9 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Recommended approach to testing A recommended approach to using the On-Line Transaction Testing program is: 1. Set all of the important s erver functions to Security Level 1, Log All. This will log al l requests without affecting any users. Set [...]

7.10 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 PCREVIEW Use the PCREVIEW command or Option 9 - On-Line Transaction Review from the SafeNet/400 Special Jobs Menu to review each transaction logged by SafeNet/400 . This displays the historical transactions only. No testing can be perfor med us[...]

7.11 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 The On-Line Transaction Review Mode screen is displayed, supplying more detailed information about the specific transaction. You can use the ROLL UP/ROLL DOWN keys to scroll through the sequential transactions or press ENTER to return to the PC[...]

7.12 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008[...]

8.1 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Chapter 8 - BACKUPS AND PURGES Log file Purge When SafeNet/400 is logging client requests, the informa tion is kept in the TRAPOD file in library PCSECDTA. At times this file may grow to a considerable size. This function deletes the records in [...]

8.2 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 To perform a standard purge 1. Backup the TRAPOD file to tape, if desired. You will need to issue the ENDTRP command BEFORE beginning the backup. 2. Select Option 8 from the Special Jobs Menu or use the STRPRG command. 3. Enter the number of day[...]

8.3 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 To purge the log and archive the records 1. Select Option 8 from the Special Jobs Menu or use the STRPRGARC command. 2. Enter the number of days to retain inform ation in the TRAPOD file or enter the date to purge through. The default is to reta[...]

8.4 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Automating the log file purge To automatically purge the log file, a rchive th e purged records and generate the tran saction report, use the following command or add it to the system job scheduler: SBMJOB CMD(PCSECLIB/STRPRG ARC DAYS(XXX) JOB(S[...]

8.5 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Automating and Running the Security Report and the Log File Purge Together Use this method to automate both the SafeNet/4 00 Security Report and the Log File Purge. For this example, the purge is being done on Mondays and Thursdays. You m ay use[...]

8.6 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 This example runs the Log File Purge and re tains only 1 day of data in the file. Saturday 1. Run security report and s ee entire contents of log PRTSECRPT 2. Run purge and retain 1 day STRPRGARC DAYS(001) Note: It is a good idea to run these co[...]

8.7 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Daily Backup Procedure Modify your daily backup procedure to follow these guidelines: 1. Enter command CHGSPCSET LOGALL(*NO) This prevents SafeNet/400 from attempting to log requests 2. Issue the ENDTRP command within SafeNet/400 This will end t[...]

8.8 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008[...]

9.1 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Chapter 9 - DE-ACTIVATING AND REMOVING SAFENET/400 You must be signed on as a Super Admin in Sa feNet/400 to perform any Activate/De-Activate processes. See ‘SafeNet Administrator’ in Chapter One of this guide. De-activating SafeNet/400 Unde[...]

9.2 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 To activate or de-activate SafeNet/400: Remember, you must be a SafeNet/400 Super Adm in to perform this step. 1. From the Special Jobs Menu select Option 6 - Activate/De-Activate SafeNet/400 The Server Activation Control screen is displayed, in[...]

9.3 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Removing SafeNet/400 from your system If it becomes necessary to completely rem ove SafeNet/400 from your System i5, follow these steps. 1. Sign on to the System i5 as QSECOFR or SAFENET. 2. De-activate SafeNet/400 . Follow the instructions on t[...]

9.4 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008[...]

10.1 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Chapter 10 - PROBLEM DETERMINATION If SafeNet/400 is not working properly, there are a few general things to check. Error Message Received on the System i5 1. Did you perform an IPL after the initial SafeNet/400 installa tion? It is necessary t[...]

10.2 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 5. Have you made changes to server function S ecurity Levels or us er authority tables? If a particular request was working, a nd now it is not, make sure you have not inadvertently disabled a server function or revoked authorities from a user.[...]

10.3 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Error Message Received on the Client If you receive an error message indicating a probl em with a client or a communications request, or an exit program rejection and SafeNet/400 is active : Check the request log for a ‘REJECTED’ response 1[...]

10.4 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 If you are unsure that SafeNet/400 is the source of the problem 1. Reset the Security Level in SafeNet/400 by following these directions:  From the SafeNet/400 Main Menu select Option 1 – Work with Server Security Settings or use WRKSRV[...]

10.5 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 If you receive a message on the System i5 about a SafeNet/400 or PCSECLIB program, or you still cannot resolve a client error or client app lic ation error, ch eck to see if the system was IPL'd since you:  Initially installed SafeNet/4[...]

10.6 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 If you still cannot resolve the problem 1. Check all the joblogs for the jobs in the subsystems: QSYSWRK QSERVER 2. You may have to change the QDFTJOBD job de scription to capture th e joblogs of certain jobs initiated by client requests. CHGJO[...]

10.7 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Examples of Client Error Messages Some common error messages you may see on a W indows95 client: This message was received on the client when th e server function was set to Level 2 - Function Disabled/No Access. This message was received on th[...]

10.8 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 This message was received on the client when th e user was no t authorized to the SQL Select statement.[...]

10.9 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Error Codes which Appear in the Log 1 Accepted 0 Rejected Reason unavailable A Rejected Server is turned off B Rejected No authority to server C Rejected No authority to object D Rejected No authority to library E Rejected Invalid Data Rights a[...]

10.10 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 R Rejected Auto-signon requires password S Rejected TELNET requires password T Rejected Encrypted password required U Rejected No devices available V Rejected Unauthorized CL command X Rejected Error with Swap Profile Y Rejected Error during P[...]

10.11 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Additional Troubleshooting Tips PCREVIEW Command Use the PCREVIEW commands to easily view hist orical network transac tions. You can select various filters to display only the records from the log file you are interested in. From this screen y[...]

10.12 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008[...]

11.1 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Chapter 11 - SPECIAL SAFENET/400 CONSIDERATIO NS This section contains information on procedures that will help you manage and autom ate certain SafeNet/400 functions. Resetting Level 5 within SafeNet/400 When an installation has a user exit pr[...]

11.2 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Follow the instructions to de-activate the pr ogram found in Chapter 9 in this guide, ‘De- activating and Removing SafeNet/400’. 6. Re-activate SafeNet/400 Select Option 6 - Activate/De-Activate SafeNet/400 7. Restart your system[...]

11.3 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Pre-Power Down Program Point You can create a power down CL program to be called whenever the PWRDWNSYS command is issued. SafeNet/400 will call this program and log the request whenever the command is processed. To use this feature, create a C[...]

11.4 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Using Automatic Alert Notification Alert notification contin ually monitors network activity and can issue warning m essages to up to five different message queues whenever an attemp t is made to access an unauthorized server or object. You can[...]

11.5 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Activating SafeNet/40 0 Alert Notification 1. From the SafeNet/400 Special Jobs Menu select Option 7 - Change Alert Notification Status or use the CHGNOTIFY command and press F4 . 2. Type *ON for parameter ALERT to activate alert notification, [...]

11.6 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Profile Swapping Profile Swapping allows you to assign an alternate or a "swapped" user prof ile to be interrogated by SafeNet/400 and passed to OS/400 for security lookups. When profile swapping is in use, any incoming ne twork trans[...]

11.7 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Setting up a Swap Profile Make sure that you have set the SWAPU parameter on the CHGSPCSET command to allow profile swapping. Then follow these step s to set up your alternate profiles. 1. From the Special Jobs Menu , select Option 15 - Swap Pr[...]

11.8 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Journaling SafeNet/400 Security Files You may wish to journal all changes made to any of the SafeNet/400 security fi les for audit purposes. Three programs are provided to assist with the journaling process: 1. Call PCSECLIB/STRSAFEJRN  C[...]

11.9 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Files Contained in SafeNet/400 These files are available for you to use for any addition al reporting requirements you m ay have. All are located in library PCSECDTA. DHCPBLOG Contains DHCP Bindings log reports DHCPRLOG Contains DHCP Release lo[...]

11.10 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 TRAPOD File All logged network requests are placed in this fi le. This file will grow significantly ov er tim e, depending on network traffic. Be sure to pay cl ose attention to its size and establish a schedule to purge records. This file can[...]

11.11 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 SafeNet/400 Commands Commands Description ADDSNADM Maintain SafeNet administrators ADDSNUSR Allows batch mainte nance of SafeNet/400 users ADDUSRCMD Allows batch maintenance of users to commands ADDUSRFTP Allows batch main tenance of users to [...]

11.12 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Commands Description PRTSQLUSG Reports SQL statement usage and auto-enro llment PRTSRVUSG Reports server usage and auto-enrollment RMVSNUSR Removes a user from all SafeNet/400 enrollments RMVSNUSR1 Removes all profiles not defined to OS400. Ex[...]

11.13 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Commands Description WRKSWPPRT Work with Swap Pr ofiles WRKTCPIPA Work with TCP/IP address control WRKUSRCMD Work with user to CL commands WRKUSRFTP Work with user to object FTP statement security WRKUSROBJ Work with user to object security WR[...]

11.14 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008[...]

12.1 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Chapter 12 - SERVER FUNCTION DESCRIPTIONS This section lists all the current System i5 serv er functions, their descriptions and information on how they are used. The servers are alphabetized within two groups - the Original Se rvers and the Op[...]

12.2 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Original Servers These servers have been provided by IBM sin ce PC Support/4 00 became available. Support for these original servers was designe d f or and is still used to service the orig inal c lients: DOS, Extended DOS and OS/2.[...]

12.3 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Distributed Data Management Description: Distributed Data Management - 100 Security checking is performed when a remo te user or system accesses a System i5 file or issues an incoming remote comm and via DDM. The remo te user must be authorized[...]

12.4 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 3. For Version 4 of SafeNet/400 , if *DDM is set to Level 4, yo u must auth orize each user to the CL commands they may issue to the System i5. 4. Most System i5 systems, by default, us e the QUSER profile for the communications conversation. Q[...]

12.5 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Original Data Queue Server Description: Original Data Queue Server - 100 A data queue is a System i5 object that is used by System i5 application programs for communications. Applications can use data queues to pass data between jobs. Multiple [...]

12.6 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Original Transfer Function Server Description: Original Fi le Transfer Function - 100 The Client Access transfer functi on transfers data between th e Sy stem i5 system and a personal computer. Where used: Client Access for Windows95 - PC5250 T[...]

12.7 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 4. Full control of library, object and data rights allowed. 5. At Level 4, to select or extrac t a list of objects from within a lib rary, you must enter the name of the library and use *ALL in the Object or Sub-Flr column. The user will need R[...]

12.8 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Original License Management Server Description: Original License Management Server - 100 The license management server ensures valid lice nses are available for Client Access, IBM and non-IBM licensed applications when requested fro m a client.[...]

12.9 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Original Message Server Description: Original Message Server - 100 The message function server allo ws users to communicate with each other by sending messages. Users can communicate with other users at System i5 workstations or with users at p[...]

12.10 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Original Remote SQL Server Description: Original Remote SQL Server - 100 The remote SQL server processes requests that ar e received from Client A ccess products that are using the high-level language remote SQL API. The API allows application[...]

12.11 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Original Virtual Print Server Description: Original Virtual Print Server - 10 0 The virtual print server is used to print data fr om PC application program s on System i5 printers. Where used: Client Access for Windows 3.1 Client Access for OS[...]

12.12 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Example 2: To grant authority to only th e PAYROLL printer, enter: Library or Folder Object or Sub-Folder Read QUSRSYS PAYROLL X[...]

12.13 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Optimized Servers This server support, provided by IBM with C lient Access (now iSeries Access for W indows) beginning with OS/400 Version 3 Release 1, servi ces optimized clients: W indows 3.1 (16 bit applications), Optimized OS/2 (32 bit app[...]

12.14 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Central Server - Client Management Description: Central Server - client mgmt - 100 The central server provides the ab ility to update the client mana gement database on the System i5. iSeries Access for Windows uses this func tion when new or [...]

12.15 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Central Server - Conversion Map Description: Central Server - conversion map - 100 The central server provides support for retrieving conversion maps for clients that need them. These conversion maps are usually used on the client for ASCII to[...]

12.16 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Central Server - License Management Description: Central Server - license mgmt - 100 The license management support provided by this server is very similar to the support in the original license management server for iSeries A ccess for Window[...]

12.17 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 DB2 for System i5 Database Access Request - DRDA Description: DRDA DB2/400 Database Access Request This server is used whenever a client requests a DRDA conversation connection. Where used: Rumba Access D B 2 f o r S y s t e m i 5  DB2 for [...]

12.18 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Database Server - Data Base Access - 100 Description: Database Server - data base access - 100 This server function manipulates data base files on the System i5. It allows operations to data base files, such as: create physical file, add datab[...]

12.19 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Database Server - Data Base Access - 200 Description: Database Server - data base access - 200 This server function enables th e addition of library list entries . Where used: iSeries Access for Windows for Windows95 - Access to System i5 data[...]

12.20 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Database Server - Entry Description: Database Server - Entry - 100 This server function is used at se rver initiation request. It is the request that always comes first. All other database server re quests come after a request to this entry po[...]

12.21 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Database Server - Object Information - 100 Description: Database Server - object information - 100 This server function is used for requests to retr ieve information about certain objects from the data base server. Where used: iSeries Access f[...]

12.22 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Notes: 1. List retrievals from *USRLIBL automatically allowed. 2. Data rights enforced. 3. At Levels 3 and 4 users must be authorized to the server function. 4. At Level 4 the user must be authorized to the OBJECT/LIBRARY.[...]

12.23 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Database Server - Object information - 200 Description: Database Server - object information - 200 This server function is used for requests to retr ieve additional informati on about certain objects from the data base server, such as primary [...]

12.24 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Database Server - SQL Access Description: Database Server - SQL access - 100 Database Server – SQL access – 200 (for V4R1 and above) This server function is used when certain SQL re quests are received for the data base server. The QIBM_QZ[...]

12.25 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Notes: 1. At Levels 3 and 4 users must be authorized to the server function. 2. At Level 4 the user must be authorized to the OBJECT/LIBRARY and the SQL statem ent. Data authority requirements are d etermined by th e authorized SQL statements [...]

12.26 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Data Queue Server Description: Data Queue Server - 100 A data queue is a System i5 object that is used by System i5 application programs for communications. Applications can use data queues to pass data between jobs. Multiple System i5 jobs ca[...]

12.27 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 DHCP Address Binding Notify Description: DHCP Address Binding Notification - 100 This server assigns IP addresse s to specific client hosts. Where used: Any device on a TCP/IP network whenever it requests an IP address from the System i5 when [...]

12.28 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 DHCP Address Release Notify Description: DHCP Address Release Notification - 100 This server releases an IP address from its specific client host assignment binding. Where used: Any device on a TCP/IP network whenever it requests an IP address[...]

12.29 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 File Server Description: File Server - 100 The file server function allows clients to store and access information, such as files and programs, on the System i5 in various formats. This server replaces the shared folder type 2 server that was [...]

12.30 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Library or Folder Object or Sub-Folder *ALLFLR *ALL To enter *ALLFLR/ * ALL you must be signed on as QSECOFR. Proper Data Rights must be selected also.[...]

12.31 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 3. At Level 4, to authorize a user for access to a non-IBM folder within the QDLS file system (shared folders), you must enter two r ecords in the OBJECT/USER security file. Example 1: A user requires access to a fold er called PERSONNEL withi[...]

12.32 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 systems Qopensys, Qfilesys.400 and home , key in the first 10 positions o f each file system name only. Example: Network Request: /Qfilesys.400/ QSYS.LIB/PAYROLL.LIB/SALARY.FIL Entries Required: Library or Folder Object or Sub-Folder Read Entr[...]

12.33 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 FTP Client Request Validation Description: FTP Client Request Validation This function is used whenever the System i5 is a client, issuing FTP commands to a remote system. Where used: System i5 comm and lines, interactive and batch jobs can in[...]

12.34 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Using FTP Client:  Sending an object to a remote system An FTP PUT of object ABC in an FTP Client session requires *READ authority to object ABC on the local machine.  Get an object from a remote system An FTP GET of object ABC in [...]

12.35 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 FTP Logon Server Description: FTP Logon Server 1 - 100 This server is used any time the System i5 answ ers an FTP start request from another system or user. It is available in OS /400 versions V3R7 through V4R1 Where used: Internets and Intran[...]

12.36 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 FTP Logon Server Description: FTP Logon Server 2 - 200 This server is used any time the System i5 answ ers an FTP start request from another system or user. It is available in OS /400 versions V4R2 and above. Where used: Internets and Intranet[...]

12.37 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 FTP Logon Server Description: FTP Logon Server 3 – 300 This server is used any time the System i5 answ ers an FTP start request from another system or user. It is available in OS /400 versions V5R1 or above. Where used: Internets and Intrane[...]

12.38 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 FTP Server Request Validation Description: FTP Server Request Validation This function is used whenever the System i5 receives an FTP comm and it must act upon. Where used: Internets and Intranets MS Windows And most other operating systems Se[...]

12.39 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Network Print Server - Entry Description: Network Print Server - entry - 100 This server function is used when the network print server is started. Where used: iSeries Access for Windows Server Identifier: QNPSERVR Format Name: ENTR0100 Levels[...]

12.40 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Network Printer Server - Spool File Description: Network Print Server - spool file - 100 This server function is used af ter the network print server rece ives a request to proces s an existing spooled output file. Where used: iSeries Access f[...]

12.41 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Pre-Power Down Description: Pre-Power Dow n Server This program is called whenever the PW RDWNSYS or ENDSYS command is issued Where used: Any interface, command line or prog ram that can issue the PWRDWNSYS or ENDSYS command Server Identifier:[...]

12.42 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Remote Command and Distributed Program Call Server Description: Remote Command/Program Call - 100 The remote command and distributed program call se rver is provided to a llow client users and applications to issue System i5 CL commands and ca[...]

12.43 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 REXEC Logon Server Description: REXEC Logon Server 1 - 100 This server is used to validate a client request to start the REXEC Server. It is available in all versions of OS/400. Where used: Windows and OS/2 Desktop Add-in Applications Other Cl[...]

12.44 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 REXEC Logon Server Description: REXEC Logon Server 2 - 200 This server is used to validate a client request to start the REXEC Server . It is available in OS/400 versions V5R1 and above. Where used: Windows and OS/2 Desktop Add-in Applications[...]

12.45 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 REXEC Request Validation Server Description: REXEC Request Validation Server This server is initiated whenever a client issues a REX statement to the Sy stem i5. Where used: Windows and OS/2 Desktop Add-in Applications Other Clients using REXE[...]

12.46 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 ShowCase Strategy** Validation Server Description: Showcase Strategy Validation Server This server is initiated by a client utilizi ng the Showcase Strategy** produ ct with the proper exit point added to OS/400. Please follow the instructions [...]

12.47 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 TCP Signon Server Description: TCP Signon Server - 100 The signon server provides security for clients th at use TCP/IP communications support. This security function prevents access to the System i5 for users with expired passwords or allows [...]

12.48 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 TELNET Device Initialization TELNET Device Termination Description: TELNET Device Initialization - *TELNETON TELNET Device Term ination - *TELNETOFF The TELNET servers provide for security when using TCP/IP and TELNET clients. This point allow[...]

12.49 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 TFTP Server Request Validation Description: TFTP Server Request Validation Clients utilizing TFTP (Trivial File Transfer Protocol), such as the IBM Net Station use this server. Where used: IBM Net Station Boot Server Identifier: *TFTPSRVR Form[...]

12.50 SafeNet/400 Reference Guide  Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 User Profile Servers Description: Add User Profile Change User Profile Delete User Profile Restore User Profile These servers are called each time a user profile command is issued. Where used: Any interface or command line that can issue a use[...]

INDEX A Administrator ...................................................................... 1.3 Alert notification ........................................... 11.4, 11.5, 11.11 Anonymous ................................................... 4.1, 4.2, 4.3, 4.4 Anonymous FTP ................................................................ 4.5 Authorit[...]

U User Profiles *PUBLIC .......... 1.5, 1.7, 1.10, 1.11, 1.12, 1.14 , 1.17, 1.19 Group ............................................................................ 1.1 Swapping ................................................ 10.10, 11.6, 11.7 Users Copying ...................................................................... 1.21 Removing .......[...]