BlueZone Security

Chapter 7

Encrypted Substitute Password

BlueZone for the iSeries supports a feature called Encrypted Substitute Password.  This feature is enabled on the iSeries by the iSeries Administrator, by setting the QRMTSGN system value to *Verify.

The end user enters their user name and password in the BlueZone Session Configuration.  On connection, a negotiation takes place that sends the password to the iSeries in protected form, bypassing the main iSeries sign-on screen.  This is especially useful on local area networks where encrypting the session data is not required, but sending passwords in the clear is not desirable.

It can be used to make the sign-on process easier, or to provide public access to an iSeries host where it is not desirable or necessary for end users to enter a user name and password to gain access.  It can also be used to "force" an encrypted sign-on by presenting end users with a User Name and Password dialog box.

Use the Display tab in the TN5250E properties dialog to configure the sign-on bypass values as shown.  The Program to Call, Initial Menu and Current Library values are optional.

Illustration 8-2

CAUTION!  If the sign-on bypass fails, the user will be taken to the main iSeries login screen.  This defeats the purpose of Encrypted Substitute Password, because the end user will then be able to sign on and send their password in the clear.  To prevent this, an exit program should be used so that if an end user signs off, the iSeries automatically forces BlueZone to disconnect from the host.
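The negotiation described above, and the fallback the caution warns about, can be checked on the wire. The following is an added example, not BlueZone's or IBM's code; it assumes the sign-on negotiation is the Telnet NEW-ENVIRON exchange defined in RFC 4777 (variable names USER, IBMRSEED and IBMSUBSPW), and every byte value in it is constructed.

```python
# Added example (not BlueZone's or IBM's code): encode/decode the TN5250E
# NEW-ENVIRON sign-on subnegotiation (RFC 4777) and report whether the client
# supplied an encrypted substitute password (IBMSUBSPW). Values are constructed.
IAC, SB, SE, NEW_ENVIRON, IS = 255, 250, 240, 39, 0
VAR, VALUE, ESC, USERVAR = 0, 1, 2, 3            # NEW-ENVIRON type codes

def escape(data: bytes) -> bytes:
    """Prefix type codes with ESC and double IAC inside names and values."""
    return b"".join(bytes([ESC, b]) if b in (VAR, VALUE, ESC, USERVAR)
                    else bytes([IAC, IAC]) if b == IAC else bytes([b]) for b in data)

def encode_new_environ(fields) -> bytes:
    """Build IAC SB NEW-ENVIRON IS (type name VALUE value)... IAC SE."""
    out = bytearray([IAC, SB, NEW_ENVIRON, IS])
    for kind, name, value in fields:
        out += bytes([kind]) + escape(name) + bytes([VALUE]) + escape(value)
    return bytes(out + bytes([IAC, SE]))

def parse_new_environ(sub: bytes) -> dict:
    """Decode a block back into {name: value}; names sent without VALUE are dropped."""
    if sub[:4] != bytes([IAC, SB, NEW_ENVIRON, IS]) or sub[-2:] != bytes([IAC, SE]):
        raise ValueError("not a NEW-ENVIRON IS subnegotiation")
    body, i, fields = sub[4:-2], 0, {}
    name = cur = bytearray()
    while i < len(body):
        b = body[i]
        if b in (ESC, IAC):          # escaped type code or doubled IAC: next byte is data
            i += 1
            cur.append(body[i])
        elif b in (VAR, USERVAR):    # start of a variable name
            name = cur = bytearray()
        elif b == VALUE:             # value for the name just read
            cur = fields.setdefault(name.decode("ascii"), bytearray())
        else:
            cur.append(b)
        i += 1
    return {k: bytes(v) for k, v in fields.items()}

def signon_mode(fields: dict) -> str:
    """'substitute' when only an IBMSUBSPW value crossed the wire, else 'cleartext-risk'."""
    if fields.get("IBMSUBSPW") and fields.get("IBMRSEED") and fields.get("USER"):
        return "substitute"
    return "cleartext-risk"          # no substitute: the password will be typed at the sign-on screen

# Constructed client reply to the server's IBMRSEED challenge (not a real substitute).
SAMPLE_IS = encode_new_environ([
    (VAR, b"USER", b"QUSER"),
    (USERVAR, b"IBMRSEED", bytes.fromhex("0102ff0405060708")),   # 8-byte client seed
    (USERVAR, b"IBMSUBSPW", bytes.fromhex("00031122334455ff")),  # 8-byte DES substitute
])
```

A session whose client reply decodes to "cleartext-risk" is one where the bypass was not negotiated, which is exactly the case the caution above describes.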

As an option, you can use the Force Encrypted Signon feature by checking the Force Encrypted Signon checkbox as shown:

Illustration 8-3

When the Force Encrypted Signon feature is in use, the end user is presented with the following sign-on dialog box each time they launch a BlueZone iSeries Display session.

Illustration 8-4

See BlueZone Help for more information about configuring the iSeries sign-on parameters.