AS/400 System Values
The following are recommendations for changes to AS/400 system values for
use with Webulator/400.
Additional information about AS/400 system values can be found in the AS/400 Work
- Security level of 30 minimum (QSECURITY) (recomended 40)
Security level 30 forces the use of passwords when signing on to the AS/400 and
also enables object based security. This allows you to specifically authorize (or
not authorize) users to work with objects on the AS/400. This allows you to control
access to the AS/400 and access to individual objects on the AS/400.
- Limit QSECOFR (and other key users) to specific devices (QLMTSECOFR)
By changing the QLMTSECOFR system value to indicate that explicit device access is
needed, you can specify the devices where users with *SERVICE or *ALLOBJ special
authority are allowed to sign on. Part of this limitation could be the denial of access
at virtual terminals that are to be associated with Webulator/400. Keep in mind that
you must grant authority to the QSECOFR user profile, and any others with the noted
special authorities, to the devices they will be using (such as DSP01).
- Limit invalid signons (QMAXSIGN)
By setting the QMAXSIGN system value, you limit the number of attempts a user can
make to successfully sign on at a workstation. Once the limit is reached, the action
defined in the QMAXSGNACN system value will be performed on the device and user
- Set QMAXSGNACN to disable the profile
When the limit defined in the QMAXSIGN system value is reached, the AS/400 system
automatically reacts and performs the action defined in the QMAXSGNACN system
value. It is possible to disable the user profile, the device, or both. Obviously, the
option to disable both is the most secure.
- Limit dynamic creation of *VRT devices (QAUTOVRT)
By controlling the virtual devices used for Webulator/400, you can control what users
and functions are allowed at each of those workstations.
The value of this system value also affects other AS/400 products and programs
that require automatic virtual device configuration. This includes TCP/IP TELNET,
5250 display station pass-through, Client Access/400, and other programs that may
use the virtual terminal APIs.