I have an application on the iSeries that can either be accessed via green screen or by Web access using the HTTP server. I have individual user profiles for all users.
If a user accesses the application via the green screen, the UPPSOD field (previous sign-on date: YYMMDD) is updated with the user's last sign-on date. If a user accesses the application via the web, the UPPSOD field is not updated. I run queries over the user profile file to determine who is using their IDs and who isn't, and deactivate accordingly. With this field being left blank, the assumption is that the user isn't using their ID. I found out the hard way that this isn't always the case.
I called IBM support about this problem, but the only thing they could suggest was to check the daily HTTP audit logs to see if the user has signed in. I may have 10-100 users to check for a given period, so this isn't a workable option. This is a very serious security issue for me and any advice will be appreciated.
I would try looking at the Last Used Date of the profiles. This is one of the fields that the OS/400 Analyze Profile Activity function looks at (it also looks at the creation date, restoration date and last sign-on date). The last sign-on date is only updated when the user actually signs on to the system using a sign-on screen. However, interfaces such as the Web server and FTP use an interface that will cause the Last Used Date to be updated. The Last Used Date is also updated when a user signs on, so this field should give you an accurate representation of which profiles are truly "inactive."
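The check described in the answer, as an added example that is not part of the original Q&A or any IBM tooling: it classifies profiles by the most recent of previous sign-on date and last used date, and lists the ones a sign-on-date-only query would have wrongly flagged. The export layout, column names, YYMMDD format for both fields, and the 90-day threshold are assumptions; the sample rows are constructed.

```python
import csv
import io
from datetime import date, datetime, timedelta

# Constructed sample export. Column names are hypothetical; map them to
# whatever your own query over the user profile file produces.
SAMPLE_EXPORT = """profile,prev_signon,last_used
GREENUSR,240610,240610
WEBONLY,,240612
FTPBATCH,,240601
STALE1,230115,230115
NEVERUSED,,
"""


def parse_yymmdd(value):
    """Return a date for a YYMMDD string, or None when the field is blank."""
    value = value.strip()
    if not value:
        return None
    return datetime.strptime(value, "%y%m%d").date()


def classify(export_text, today, max_idle_days=90):
    """Split profiles into active/inactive using both date fields.

    'missed_by_signon_date' holds profiles that are active by last used
    date but would be deactivated if only the sign-on date were checked.
    """
    cutoff = today - timedelta(days=max_idle_days)
    result = {"active": [], "inactive": [], "missed_by_signon_date": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        signon = parse_yymmdd(row["prev_signon"])
        used = parse_yymmdd(row["last_used"])
        # A sign-on also counts as use, so take the most recent of the two.
        latest = max((d for d in (signon, used) if d), default=None)
        if latest is None or latest < cutoff:
            result["inactive"].append(row["profile"])
            continue
        result["active"].append(row["profile"])
        # Recently used, but the sign-on date alone would have flagged it.
        if signon is None or signon < cutoff:
            result["missed_by_signon_date"].append(row["profile"])
    return result


if __name__ == "__main__":
    for group, names in classify(SAMPLE_EXPORT, date(2024, 6, 15)).items():
        print(f"{group}: {', '.join(names) or '-'}")
```

Profiles in the `inactive` list have neither a recent sign-on nor recent use through interfaces such as the Web server or FTP, so they are the candidates for deactivation.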