The Four Hundred

Newsletters

Subscriptions

Media Kit

About Us

Contact

Search

Home

OS/400 Edition
Volume 12, Number 32 -- August 18, 2003

Admin Alert: PC5250 Communication Sign-On Tricks

by by Joe Hertvik

Sometimes the hardest thing about using IBM's iSeries Access and Client Access products is getting PC5250 connections straight. There are a few simple, but critical, parameters to set. If the values aren't set right, your users might become frustrated or you might open a security hole when a PC5250 session is started. This week, I'll look at four key PC5250 connection settings and show you some simple ways to handle them.

I tested these techniques with Client Access Express for Windows V5R1, running a recent-level service pack. Most of these techniques should also be available in other Client Access and iSeries Access for Windows products.

The first key to achieving a successful connection is providing the user profile ID that Client Access will use to start a PC5250 session with your target box. In PC5250, this information is entered on the "sign-on to AS/400" input form, and OS/400 presents the user with a 5250 sign-on green-screen only after it receives a valid user profile and password from that form.

When you first configure a PC5250 session from the Start or Configure Session utility, you are prompted for sign-on to AS/400 input form defaults on the "AS/400 sign-on information" form. On this form, you choose how user profile sign-on information will be entered when starting your target PC5250 session. The form provides you with three choices:

Use Windows user name and password, without any prompting. By specifying this option, PC5250 simply takes your Windows sign-on information and passes it to your AS/400, to try to establish the session connection. If OS/400 accepts these values, you'll automatically be presented with a 5250 sign-on screen without displaying the sign-on to AS/400 screen. This default works well if your iSeries or AS/400 user profiles and passwords match your Windows user names and passwords.
Use default user ID, prompt as needed. From here you can enter a specific user profile that will always be used to make the connection. When you select this option and enter a user profile, PC5250 automatically inserts that user profile into the sign-on to AS/400 form when you start your session. After you enter the proper password for the user profile entered, PC5250 will present you with a sign-on screen.
Prompt every time. This selection prompts you to enter both the user profile and its corresponding password on the sign-on to AS/400 form. It uses no defaults.

These values are defaults that can be changed as you start your PC5250 session. When you want to change the defaults, there is a trick you need to know. Because these values can be used for other Client Access or iSeries Access functions, they aren't changeable from PC5250; you have to change them from iSeries Operations Navigator.

To specify different sign-on to AS/400 default values, open OpsNav and right-click the node representing the OS/400 connection your PC5250 session is attaching to. Select Properties, from the pop-up menu that appears, and you'll see a Properties screen for that particular iSeries or AS/400 environment. Click the Connection tab, on the Properties screen, and a Connection screen appears, where you can change your sign-on to AS/400 form defaults. Knowing this comes in handy when you want to change the defaults after you reassign a particular computer from one user to another during an office move or a job change.

Another critical PC5250 connection value is the Autoconnect option found on the Communication drop-down menu of the PC5250 menu bar. If you open that menu, you will see that Autoconnect is nothing more than a checked option that can be turned on or off. When turned on (checked), your PC5250 session automatically attempts to connect to your target iSeries or AS/400 whenever you open its PC5250 session file. If Autoconnect is not checked, you have to manually start the PC5250 session connection to your target AS/400 by clicking Communication, Connect, from the PC5250 menu bar. The default is on (checked), but sometimes OS/400 administrators get calls from users stating that their PC5250 session no longer automatically connects when they open the session. If that's the case, check the Autoconnect value on your user's PC5250 session.

A third not-so-critical option, but one that is nice to use, is the Auto-reconnect checkbox, found on the Configure PC5250 screen (which can be reached by selecting Communication, Configure, from the PC5250 menu bar). When turned on (checked), your PC5250 session automatically tries to reconnect to your iSeries or AS/400 system if the session is abnormally ended. An abnormal shutdown can be caused by anything from a network error to a scheduled outage for backup, so this setting comes in handy.

The final PC5250 connection value to think about is the Bypass Signon checkbox, which can also be found in the Configure PC5250 screen (select Communication, Configure, from the PC5250 menu bar). When this box is checked and OS/400's Remote Signon (QRMTSIGN) system value is set to *VERIFY, PC5250 will bypass the OS/400 green-screen sign-on screen and use the user profile and password values entered on the sign-on to AS/400 input form to start an interactive job for this session.

While Bypass Signon may be convenient to your users, because it cuts down on user profile and password entries, it does present a possible security breach if you also selected "Use Windows user name and password, without any prompting" as your sign-on to AS/400 form default. With these two PC5250 features active, any user can start a PC5250 interactive job simply by opening the target PC5250 configuration file, without entering a password at all. Because of this possibility, many shops and auditors don't recommend using these features in tandem, and many people frown on using Bypass Signon at all.