Modifying Firewall Settings for Passthrough Logons

Passthrough logons are considered for distinct or generic request patterns, in which a Source User on a Source System requests to connect to the current system as a Target User.

To modify Firewall settings for a request pattern, enter 1 in the Opt field for that pattern on the Passthrough Security screen (STRFW > 13 > 1) as shown in Setting Additional Controls for Passthrough Logons.

The Modify Passthrough Security screen appears:

​                         ​ Modify Passthrough Security​                           
                                                                                
​ Type choices, press Enter.                                                    ​ 
                                                                                
  ​ Source system . . . . . . .​ ​ RAZLEE2 ​        ​ Name, *ALL              ​       
  ​ Source user . . . . . . . .​ ​ QSECOFR   ​      ​ Name, generic*, *ALL    ​       
  ​ Target user . . . . . . . .​ ​ USRTGT    ​      ​ Name, *SAME, *ANY, F4 for list​ 
​                                                                                
  ​ Time group  . . . . . . . .​ ​           ​      ​ Name, F4 for list​              
                                                                                
  ​ Automatic sign-on . . . . .​ ​ 4​               ​ 1=*ALLOW         ​              
                                                ​ 2=*REJECT        ​              
                                                ​ 3=*FRCSIGNON     ​              
                                                ​ 4=*ALTLOGON      ​              
​ Automatic sign-on parameters for *ALTLOGON:​                                    
  ​ User profile  . . . . . . .​ ​ ALTUSER   ​      ​ Name, F4 for list​              
  ​ Initial program . . . . . .​ ​ INLPGM    ​                                      
  ​ Initial menu  . . . . . . .​ ​ INLMNU    ​                                      
  ​ Current library . . . . . .​ ​ QGPL      ​                                      
                                                                                
​                                                                                
​ F3=Exit​  ​ F4=Prompt​  ​ F12=Cancel​                                               
                                                                                
​                                                                                
​

Enter values for the following fields:

Source System

The name of the system from which the user is logging on. This can be a single name or generic* name or *ALL for all systems for which there are no more specific rules.

Source User

A user name from the remote system. This can be a single name or generic* name or *ALL for all users for whom there are no more specific rules.

Target User

The user on the current system as whom the remote user would like to log on. This can be a single user name, *SAME to connect as the same user, or *ANY for any user name. For a list of known users, press the F4 key.

Time group

If set, passthrough logons by this user and group can only be made during the times defined for this time group (as shown in Defining Time Groups).

Automatic Sign-on

How Firewall reacts to the sign-on attempt. Possible values include:

1: *ACCEPT: Accept logon request
2: *REJECT: Reject logon request
3: *FRCSIGNON: Force the user to sign on even if the system is configured to accept an automatic signon.
4: *ALTLOGON: Automatically logon with parameters as set below.

If you are using *ALTLOGON, as indicated in IBM documentation, the user takes on a different identity, including that user's authority settings. Set the section of the screen labeled Automatic sign-on parameters for *ALTLOGON: to appropriate values.

After entering information in these fields, press the Enter key.