IBM Safenet/400 User Manual / Service Manual
SAFENET/400 REFERENCE GUIDE Version 8.50 2008 MP Associates of Westchester, Inc.
How to contact us Direct all inquiries to: Kisco Information Systems 89 Church Street Saranac Lake, New York 12983 Phone: (518) 897-5002 Fax: (518) 897-5003 SafeNet/400 Website: http://www.kisco.com/safenet SafeNet/400 Support Website: http://www.kisco.
TABLE OF CONTENTS CHAPTER 1 - SETTING UP USERS; SETTING THE USER LOGGING LEVELS
CHAPTER 7 - TESTING YOUR SECURITY SETTINGS; TESTING SAFENET/400 SETTINGS BASED ON YOUR HISTORICAL DATA WITH THE ON-LINE TRANSACTION TESTER
SafeNet/400 Reference Guide Copyright 2008 MP Associates of Westchester, Inc. V8.50 - May 2008 SafeNet/400 Reference Guide Chapter 1 - SETTING UP USERS Navigating through the screens You can perform each of the steps outlined in this chapter by using the corresponding option on the SafeNet/400 Main Menu.
Setting the User Logging Levels The valid logging levels are: Logging Level A Log all transacti.
SafeNet Administrator You can set up a SafeNet/400 Administrator, or ‘Super Admin’ from the SafeNet/400 Special Jobs Menu or by using the WRKSNADM command.
Super Trusted User Control Under special circumstances it may be necessary to have a user that should not be checked through all the SafeNet/400 security routines.
Entering User Security Levels If you plan on setting any of the Server Functions to Level 3 or.
Type 1 in the Option column in front of each server this user will have access to.
Entering User Authorities to Objects Once you have given the user access to the servers, the next step is to enter the level of authority the user has to objects on the System i5 if you plan on setting any of the servers to Level 4.
4. In the Library or Folder column, enter the name of the library or folder, then TAB to the Object or Sub-Flr column and type in the name of the object or sub-folder.
5. For Data Rights, type an X under the appropriate level of authority. Place an X for each data right that applies. 6. For Existence Rights, type an X if this user will be able to create, delete or move an object.
Exclusions To give all users read access to all objects in all libraries, but exclude them from any objects in the PAYROLL library, give *PUBLIC READ authority to the library and exclude *PUBLIC from the PAYROLL library.
If the PAYDEPT profile needs to use objects in the PAYROLL library, grant user profile PAYDEPT READ authority to the PAYROLL library. This individual authority overrides the *PUBLIC authority.
Entering User Authorities to SQL Statements If you are going to set the SQL servers to Level 4 only, the next step is to authorize users to the SQL Statements they may need.
If you would like to see the list of all users who have been defined within SafeNet/400, press F2. 5. When finished making all your selections, ENTER.
Entering User Authorities to FTP Statements Next you must authorize users to the FTP Statements they may need if you are going to set the FTP Server or FTP Client to Level 4.
If you would like to see the list of all users who have been defined within SafeNet/400, press F2.
Name Format *LIB indicates that the user sees standard Library/Object OS/400 style names *PATH displays PC or *UNIX style file and directory names.
Entering User Authorities to CL Commands Next, if you plan on setting the FTP, DDM or Remote Command Servers to Level 4, you must authorize users to the CL commands they may need.
To remove authorization to a command, FIELD EXIT through the line to blank it out. If you would like to see the list of all users who have been defined within SafeNet/400, press F2.
Entering Long Path Names The default SafeNet/400 setting is to use long path names. If you choose to not use long path name support, you must first change the SafeNet/400 default setting.
4. Enter the paths that the user is authorized to. Paths can be entered up to 256 positions in length, although only the first 60 positions are shown on the display.
Copying an Existing User to Set Up a New User in SafeNet/400 This will allow you to copy the authorities and settings from one user to another within SafeNet/400.
Maintain all Security for a User The WRKUSRSEC command, which is not found on any of the SafeNet/400 menus, gives you the ability to perform security maintenance for an individual user without entering several different commands.
Setting up Time of Day Controls If you want to exclude users from server functions based on the day of the week or the time of day, use Time of Day controls.
To set up the Time of Day controls for a specific user, use Option 2 – Work with User to Server Security from the SafeNet/400 Main Menu or the WRKUSRSRV command.
You can define up to three time ranges and can select which days to exclude by typing X in front of the day. You can also define holidays that will be used to control Time of Day access.
Chapter 2 - SETTING UP SERVERS The final step in configuring SafeNet/400 is to enter the Security Level settings for all the server functions.
SafeNet/400 Server Function Security Levels Level 1: IBM default Unlimited access.
Level 5: This indicates that SafeNet/400 does not recognize a program assigned to the exit point or has detected a user-defined program assigned.
Setting the Server Function Logging Levels The valid logging levels are: Logging Level A Log al.
Basic Server Security - Supported by all Servers Level 1 - IBM Default Level 2 - No access to s.
Recommended Server Settings Server Description Recommended Setting Central Server - client mana.
Server Description Recommended Setting Distributed Data Management Level 3, Log All - Limit use.
Server Description Recommended Setting Original Message Server Level 1, Log None Original Remot.
Entering Server Function Security Levels 1. From the SafeNet/400 Main Menu select Option 1 - Work with Server Security Settings or use WRKSRV command The Maintain Server Security screen is displayed.
3. When you have finished entering information for all the servers, press ENTER. The screen is refreshed and any changes you made are reflected in the Current columns.
Customer Exit Programs If you would like to use your own programs over these server exit points, F18 on the Maintain Server Security screen gives you the ability to do so.
Chapter 3 - TELNET, TCP/IP ADDRESS CONTROLS Setting up TELNET TELNET control features are supported only when the server is set to Level 3.
Controlling TELNET Access by IP Address 1. Set the TELNET server to Level 3 using the WRKSRV command.
Setting the Required Password Type This field must be set if the TELNET Server is set to Level 3. You must enter the appropriate setting for ALL TELNET IP address controls.
Allow Auto Signon 1. Use the WRKSRV command to set the TELNET server to Level 3 2. Use the WRKTCPIPA *TELNET command to enter the IP address allowed for auto signon 3.
Logging of TELNET Sessions Under normal signon conditions (no auto signon allowed), each request for a TELNET session is logged into the transaction history file (TRAPOD) by IP address, and a user name of QSYS.
Setting up TCP/IP Address Controls SafeNet/400 allows you to specify which client IP addresses are either accepted or rejected by the Telnet and the FTP Servers.
Setting up TCP/IP Address Control Table 1. Use SafeNet/400 Main Menu Option 7 or the WRKTCPIPA command 2. In IP Addresses for Server enter *FTPSERVER, *FTPCLIENT or *TELNET for the proper control table.
Chapter 4 - SETTING UP FTP Anonymous FTP Logon To set up for Anonymous Logon, you must fill in the special FTP settings, and set the FTP Logon Server to Level 3 and the FTP Server Validation to Level 4.
Set the parameters for CHGFTPSET command as follows.
GUEST Allow Anonymous GUEST Password *YES *NO To allow Anonymous user logins with the password of GUEST, enter *YES here. You can choose GUEST or use an E-mail address.
password of *NONE and *USER for the profile type.
Setting up for ANONYMOUS FTP Example 1. Create a user profile on the System i5 called ANONYMOUS, with password *NONE and user class *USER, and set the Current Library.
If using long path support, use the WRKUSRPTH command to enter the correct path or paths for ANONYMOUS.
Setting up for Normal User IDs and FTP Servers Example 1. From the Special Jobs Menu select Option 3 - Change Special FTP Security Settings or use CHGFTPSET command 2.
Chapter 5 - DHCP Controls and Reporting Dynamic Host Configuration Protocol DHCP allows clients to obtain IP network configuration, including an IP address, from a central DHCP server.
Working with DHCP DHCP functions are performed from the DHCP Control and Reports Menu. From the SafeNet/400 Main Menu select Option 13 – Go To DHCP Menu The DHCP Control and Reports Menu appears.
Current DHCP Activity To see current status, from the DHCP menu select Option 1 – Display Cur.
Move your cursor to the name you want to change in the Editable Names column. Press ENTER to record the change. To use this function make sure you are looking at the Currently Active DHCP Addresses Bound screen.
Maintaining MAC Addresses From the DHCP menu select Option 5 – Manually Maintain MAC Addresses to User Names This operates as a standard OS/400 DFU program.
Fixed IP Addresses To assign IP addresses to devices, from the DHCP Menu select Option 6 – Ma.
Purging Expired DHCP Lease Information The Expired or Released DHCP address information is cumulative and will remain in the system until you purge it.
Ping Checker You can use this option to ping a single IP address or a range of addresses. From the DHCP Menu select Option 10 – IP Address Range Ping Checker Enter the range of IP addresses that you want to ping.
Chapter 6 - REPORTS SafeNet/400 reports are grouped into two categories: Setup Reports provide information on server settings, user authorities to servers and to data, etc.
Setup Reports These reports are accessed through the SafeNet/400 Main Menu, Option 11 – Go to Setup Reports Menu (GO SN3 command) 1. Server Status Prints each Server Function and its security level setting 2.
Usage Reports These reports are accessed through the SafeNet/400 Main Menu, Option 12 – Go to Analysis Reports Menu (GO SN4 command).
Chapter 7 - TESTING YOUR SECURITY SETTINGS Once you have planned your server function Security Level settings, SafeNet/400 gives you a method to test the settings to make sure they will provide the level of security you anticipate.
Testing SafeNet/400 settings based on your historical data with the on-line transaction tester This is the preferred method if you would like immediate feedback.
3. In the Security Levels to Check field: Type C (Current) to test transactions with your pres.
4. When you press ENTER and a transaction that meets your selection criteria is found, the On-Line Transaction Testing Mode screen is displayed.
Additional command keys are shown when rejections are displayed. These additional command keys will allow you to work directly with the appropriate user setting based on the rejection code.
Batch Transaction Test Review/Report – Security Report by User You can use this batch report to test all the historical transactions through current and future control file settings.
2. Select the servers to include in the report * ALL - all servers * DEFAULT - ba.
Page Down if you would like to print the report to an output file. When you have finished making your selections, ENTER to submit the report to batch.
Recommended approach to testing A recommended approach to using the On-Line Transaction Testing program is: 1. Set all of the important server functions to Security Level 1, Log All.
PCREVIEW Use the PCREVIEW command or Option 9 - On-Line Transaction Review from the SafeNet/400 Special Jobs Menu to review each transaction logged by SafeNet/400.
The On-Line Transaction Review Mode screen is displayed, supplying more detailed information about the specific transaction.
Chapter 8 - BACKUPS AND PURGES Log file Purge When SafeNet/400 is logging client requests, the information is kept in the TRAPOD file in library PCSECDTA.
To perform a standard purge 1. Backup the TRAPOD file to tape, if desired. You will need to issue the ENDTRP command BEFORE beginning the backup. 2.
To purge the log and archive the records 1. Select Option 8 from the Special Jobs Menu or use the STRPRGARC command. 2. Enter the number of days to retain information in the TRAPOD file or enter the date to purge through.
Automating the log file purge To automatically purge the log file, archive the purged records.
Automating and Running the Security Report and the Log File Purge Together Use this method to automate both the SafeNet/400 Security Report and the Log File Purge.
This example runs the Log File Purge and retains only 1 day of data in the file. Saturday 1. Run security report and see entire contents of log PRTSECRPT 2.
Daily Backup Procedure Modify your daily backup procedure to follow these guidelines: 1. Enter command CHGSPCSET LOGALL(*NO) This prevents SafeNet/400 from attempting to log requests 2.
Chapter 9 - DE-ACTIVATING AND REMOVING SAFENET/400 You must be signed on as a Super Admin in SafeNet/400 to perform any Activate/De-Activate processes.
To activate or de-activate SafeNet/400: Remember, you must be a SafeNet/400 Super Admin to perform this step.
Removing SafeNet/400 from your system If it becomes necessary to completely remove SafeNet/400 from your System i5, follow these steps. 1. Sign on to the System i5 as QSECOFR or SAFENET.
Chapter 10 - PROBLEM DETERMINATION If SafeNet/400 is not working properly, there are a few general things to check. Error Message Received on the System i5 1.
5. Have you made changes to server function Security Levels or user authority tables? If a particular request was working, and now it is not, make sure you have not inadvertently disabled a server function or revoked authorities from a user.
Error Message Received on the Client If you receive an error message indicating a problem wit.
If you are unsure that SafeNet/400 is the source of the problem 1.
If you receive a message on the System i5 about a SafeNet/400 or PCSECLIB program, or you stil.
If you still cannot resolve the problem 1. Check all the joblogs for the jobs in the subsystems: QSYSWRK QSERVER 2. You may have to change the QDFTJOBD job description to capture the joblogs of certain jobs initiated by client requests.
Examples of Client Error Messages Some common error messages you may see on a Windows95 client: This message was received on the client when the server function was set to Level 2 - Function Disabled/No Access.
This message was received on the client when the user was not authorized to the SQL Select statement.
Error Codes which Appear in the Log 1 Accepted 0 Rejected Reason unavailable A Rejected Server.
R Rejected Auto-signon requires password S Rejected TELNET requires password T Rejected Encry.
Additional Troubleshooting Tips PCREVIEW Command Use the PCREVIEW commands to easily view historical network transactions. You can select various filters to display only the records from the log file you are interested in.
Chapter 11 - SPECIAL SAFENET/400 CONSIDERATIONS This section contains information on procedures that will help you manage and automate certain SafeNet/400 functions.
Follow the instructions to de-activate the program found in Chapter 9 in this guide, ‘De-activating and Removing SafeNet/400’. 6. Re-activate SafeNet/400 Select Option 6 - Activate/De-Activate SafeNet/400 7.
Pre-Power Down Program Point You can create a power down CL program to be called whenever the PWRDWNSYS command is issued. SafeNet/400 will call this program and log the request whenever the command is processed.
Using Automatic Alert Notification Alert notification continually monitors network activity and can issue warning messages to up to five different message queues whenever an attempt is made to access an unauthorized server or object.
Activating SafeNet/400 Alert Notification 1. From the SafeNet/400 Special Jobs Menu select Option 7 - Change Alert Notification Status or use the CHGNOTIFY command and press F4.
Profile Swapping Profile Swapping allows you to assign an alternate or a "swapped" user profile to be interrogated by SafeNet/400 and passed to OS/400 for security lookups.
Setting up a Swap Profile Make sure that you have set the SWAPU parameter on the CHGSPCSET command to allow profile swapping. Then follow these steps to set up your alternate profiles.
Journaling SafeNet/400 Security Files You may wish to journal all changes made to any of the SafeNet/400 security files for audit purposes. Three programs are provided to assist with the journaling process: 1.
Files Contained in SafeNet/400 These files are available for you to use for any additional reporting requirements you may have. All are located in library PCSECDTA.
TRAPOD File All logged network requests are placed in this file. This file will grow significantly over time, depending on network traffic. Be sure to pay close attention to its size and establish a schedule to purge records.
SafeNet/400 Commands Commands Description ADDSNADM Maintain SafeNet administrators ADDSNUSR A.
Commands Description PRTSQLUSG Reports SQL statement usage and auto-enrollment PRTSRVUSG Reports server usage and auto-enrollment RMVSNUSR Removes a user from all SafeNet/400 enrollments RMVSNUSR1 Removes all profiles not defined to OS400.
Commands Description WRKSWPPRT Work with Swap Profiles WRKTCPIPA Work with TCP/IP address co.
12.1 SafeNet/400 Reference Guide Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Chapter 12 - SERVER FUNCTION DESCRIPTIONS This section lists all the current System i5 serv er functions, their descriptions and information on how they are used.
12.2 SafeNet/400 Reference Guide Copyright 2008 MP As sociates of Westch ester, Inc. V8.50 - May 2008 Original Servers These servers have been provided by IBM sin ce PC Support/4 00 became available. Support for these original servers was designe d f or and is still used to service the orig inal c lients: DOS, Extended DOS and OS/2.
12.3 Distributed Data Management Description: Distributed Data Management - 100 Security checking is performed when a remote user or system accesses a System i5 file or issues an incoming remote command via DDM.
12.4 3. For Version 4 of SafeNet/400, if *DDM is set to Level 4, you must authorize each user to the CL commands they may issue to the System i5. 4.
12.5 Original Data Queue Server Description: Original Data Queue Server - 100 A data queue is a System i5 object that is used by System i5 application programs for communications.
12.6 Original Transfer Function Server Description: Original File Transfer Function - 100 The Client Access transfer function transfers data between the System i5 system and a personal computer.
12.7 4. Full control of library, object and data rights allowed. 5. At Level 4, to select or extract a list of objects from within a library, you must enter the name of the library and use *ALL in the Object or Sub-Flr column.
12.8 Original License Management Server Description: Original License Management Server - 100 The license management server ensures valid licenses are available for Client Access, IBM and non-IBM licensed applications when requested from a client.
12.9 Original Message Server Description: Original Message Server - 100 The message function server allows users to communicate with each other by sending messages.
12.10 Original Remote SQL Server Description: Original Remote SQL Server - 100 The remote SQL server processes requests that are received from Client Access products that are using the high-level language remote SQL API.
12.11 Original Virtual Print Server Description: Original Virtual Print Server - 100 The virtual print server is used to print data from PC application programs on System i5 printers.
12.12 Example 2: To grant authority to only the PAYROLL printer, enter: Library or Folder Object o.
12.13 Optimized Servers This server support, provided by IBM with Client Access (now iSeries Access for Windows) beginning with OS/400 Version 3 Release 1, services optimized clients: Windows 3.
12.14 Central Server - Client Management Description: Central Server - client mgmt - 100 The central server provides the ability to update the client management database on the System i5.
12.15 Central Server - Conversion Map Description: Central Server - conversion map - 100 The central server provides support for retrieving conversion maps for clients that need them.
12.16 Central Server - License Management Description: Central Server - license mgmt - 100 The lice.
12.17 DB2 for System i5 Database Access Request - DRDA Description: DRDA DB2/400 Database Access Request This server is used whenever a client requests a DRDA conversation connection.
12.18 Database Server - Data Base Access - 100 Description: Database Server - data base access - 100 This server function manipulates data base files on the System i5.
12.19 Database Server - Data Base Access - 200 Description: Database Server - data base access - 200 This server function enables the addition of library list entries.
12.20 Database Server - Entry Description: Database Server - Entry - 100 This server function is used at server initiation request. It is the request that always comes first.
12.21 Database Server - Object Information - 100 Description: Database Server - object information - 100 This server function is used for requests to retrieve information about certain objects from the data base server.
12.22 Notes: 1. List retrievals from *USRLIBL automatically allowed. 2. Data rights enforced. 3. At Levels 3 and 4 users must be authorized to the server function.
12.23 Database Server - Object information - 200 Description: Database Server - object information .
12.24 Database Server - SQL Access Description: Database Server - SQL access - 100 Database Server – SQL access – 200 (for V4R1 and above) This server function is used when certain SQL requests are received for the data base server.
12.25 Notes: 1. At Levels 3 and 4 users must be authorized to the server function. 2. At Level 4 the user must be authorized to the OBJECT/LIBRARY and the SQL statement.
12.26 Data Queue Server Description: Data Queue Server - 100 A data queue is a System i5 object that is used by System i5 application programs for communications.
12.27 DHCP Address Binding Notify Description: DHCP Address Binding Notification - 100 This server assigns IP addresses to specific client hosts.
12.28 DHCP Address Release Notify Description: DHCP Address Release Notification - 100 This server releases an IP address from its specific client host assignment binding.
12.29 File Server Description: File Server - 100 The file server function allows clients to store and access information, such as files and programs, on the System i5 in various formats.
12.30 Library or Folder Object or Sub-Folder *ALLFLR *ALL To enter *ALLFLR/*ALL you must be signed on as QSECOFR. Proper Data Rights must be selected also.
12.31 3. At Level 4, to authorize a user for access to a non-IBM folder within the QDLS file system (shared folders), you must enter two records in the OBJECT/USER security file.
12.32 systems Qopensys, Qfilesys.400 and home, key in the first 10 positions of each file system name only. Example: Network Request: /Qfilesys.400/ QSYS.
12.33 FTP Client Request Validation Description: FTP Client Request Validation This function is used whenever the System i5 is a client, issuing FTP commands to a remote system.
12.34 Using FTP Client: Sending an object to a remote system An FTP PUT of object ABC in an FTP Client session requires *READ authority to object ABC on the local machine.
12.35 FTP Logon Server Description: FTP Logon Server 1 - 100 This server is used any time the System i5 answers an FTP start request from another system or user.
12.36 FTP Logon Server Description: FTP Logon Server 2 - 200 This server is used any time the System i5 answers an FTP start request from another system or user.
12.37 FTP Logon Server Description: FTP Logon Server 3 – 300 This server is used any time the System i5 answers an FTP start request from another system or user.
12.38 FTP Server Request Validation Description: FTP Server Request Validation This function is used whenever the System i5 receives an FTP command it must act upon.
12.39 Network Print Server - Entry Description: Network Print Server - entry - 100 This server function is used when the network print server is started.
12.40 Network Printer Server - Spool File Description: Network Print Server - spool file - 100 This server function is used after the network print server receives a request to process an existing spooled output file.
12.41 Pre-Power Down Description: Pre-Power Down Server This program is called whenever the PWRDW.
12.42 Remote Command and Distributed Program Call Server Description: Remote Command/Program Call -.
12.43 REXEC Logon Server Description: REXEC Logon Server 1 - 100 This server is used to validate a client request to start the REXEC Server. It is available in all versions of OS/400.
12.44 REXEC Logon Server Description: REXEC Logon Server 2 - 200 This server is used to validate a client request to start the REXEC Server. It is available in OS/400 versions V5R1 and above.
12.45 REXEC Request Validation Server Description: REXEC Request Validation Server This server is initiated whenever a client issues a REX statement to the System i5.
12.46 ShowCase Strategy** Validation Server Description: Showcase Strategy Validation Server This server is initiated by a client utilizing the Showcase Strategy** product with the proper exit point added to OS/400.
12.47 TCP Signon Server Description: TCP Signon Server - 100 The signon server provides security for clients that use TCP/IP communications support.
12.48 TELNET Device Initialization TELNET Device Termination Description: TELNET Device Initialization - *TELNETON TELNET Device Termination - *TELNETOFF The TELNET servers provide for security when using TCP/IP and TELNET clients.
12.49 TFTP Server Request Validation Description: TFTP Server Request Validation Clients utilizing TFTP (Trivial File Transfer Protocol), such as the IBM Net Station use this server.
12.50 User Profile Servers Description: Add User Profile Change User Profile Delete User Profile Restore User Profile These servers are called each time a user profile command is issued.
INDEX
A
Administrator 1.3
Alert notification 11.4, 11.5, 11.11
Anonymous 4.1, 4.2, 4.
U
User Profiles
*PUBLIC 1.5, 1.7, 1.10, 1.11, 1.12, 1.14, 1.17, 1.19
Group 1.1
Swapping 10.10, 11.6, 11.7
Users
Copying .