It's understood that with CA -- via the telnet port -- all of our user Ids and passwords float all over the Internet. If you capture what's "in the air" you can even see the code (CCSID) to "de-crypt" the passwords -- even with SSL telnet there is no real encryption of the passwords. Do you know if there are methods to encrypt iSeries passwords BEFORE they float around in the Internet?
I know of now way to encrypt the password that could subsequently be able to be "consumed" on the target side. The problem with encrypting passwords is that the system that is going to use the password has to know how to de-crypt them. Rather than encrypting passwords you might want to investigate the use of Kerberos and EIM to provide a single-sign-on solution. V5R3 adds numerous enhancements to this function. Extensive information on this can be found at IBM's Information Center at or in my newly released book co-authored with Pat Botz – Experts' Guide to OS/400 and i5/OS Security available at The Learning Center.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Check out this Search400.com Featured Topic: Top ten security tips
Dig Deeper on iSeries system and application security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
The UPPWEI field corresponds to the password expiration interval field, and its values "0" and "-1" represent the *SYSVAL and *NOXMAX commands. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.