Tip for securing CA/400 passwords

Tip for securing CA/400 passwords

CA/400 has a nefarious little "feature" called passive password caching. Passive password caching works independently of your explicit password caching settings, with any 32-bit version of CA/400. The upshot of passive password caching is that it lets users into the AS/400 without signing on first.

Once you've signed on once with bypass sign-on checked (and that's a user-configurable convenience at the desktop that you should assume is checked), subsequent green-screen sessions do not ask for the user ID and password! Users are instantly signed in as the last user who used the emulator.

The fix, though, is easy: ensure that system value QRMTSIGN is set to *FRCSIGNON. This will unconditionally require all CA/400 green screen users to sign in appropriately.

This was last published in January 2000

Dig Deeper on iSeries system and application security



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: