specific IP



TSO Programming, ISPF, SDF, SDSF and PDF, FTP, TCP/IP Concepts, SNA & SNA/IP etc...

specific IP

Postby mehi1353 » Mon Jul 09, 2012 5:26 pm

Hi all,

Is it possible to restrict the TSO logon of a userid to his/her specific IP address? (impossible tso logon from another IP address)


best regards,

Mehrdad Rastgar,
Bank Mellat,
Tehran,IRAN
mehi1353
 
Posts: 39
Joined: Sun Jan 11, 2009 4:51 pm
Has thanked: 0 time
Been thanked: 0 time

Re: specific IP

Postby dick scherrer » Mon Jul 09, 2012 7:42 pm

Hello,

Suggest you talk with your system support people.

Most places i've been for years use dynamic ip addresses. . .

If the person is the person, why should the system care which terminal happens to be used? Many places Do restrict an id to logging on to only one terminal at a time.
Hope this helps,
d.sch.
User avatar
dick scherrer
Global moderator
 
Posts: 6268
Joined: Sat Jun 09, 2007 8:58 am
Has thanked: 3 times
Been thanked: 93 times

Re: specific IP

Postby jaggz » Sat Jul 14, 2012 8:57 am

Hi,

To Restrict to a specific IP,Yes Network People Can enforce Firewall to prevent accessing a specific IP address.

Is that you are Looking for ?? If not Could you please describe your need in detail.
User avatar
jaggz
 
Posts: 356
Joined: Fri Jul 23, 2010 8:51 pm
Has thanked: 8 times
Been thanked: 5 times

Re: specific IP

Postby dick scherrer » Sat Jul 14, 2012 9:22 am

Hello,

I believe TS question is the other way around.

If i understand the question, the goal is to restrict a user to only one terminal (ip address).
Hope this helps,
d.sch.
User avatar
dick scherrer
Global moderator
 
Posts: 6268
Joined: Sat Jun 09, 2007 8:58 am
Has thanked: 3 times
Been thanked: 93 times

Re: specific IP

Postby mehi1353 » Sat Jul 14, 2012 10:27 am

hi all,

Yes.I want to limit the TELNET of every user to his/her tcp/ip station.

besed on IBM books,I used this commands:(for example:limit auser1 to use TELNET only from ip address 172.20.149.8)

SETROPTS TERMINAL(READ)
SETROPTS CLASSACT(TERMINAL) RACLIST(TERMINAL)
RDEFINE TERMINAL AC149508 UACC(NONE)
SETROPTS RACLIST(TERMINAL) REFRESH
PERMIT AC149508 CLASS(TERMINAL) ID(AUSER1) ACCESS(READ)
SETROPTS RACLIST(TERMINAL) REFRESH

But it didn't work in my system.

any other idea?

best regards,
Mehrdad
mehi1353
 
Posts: 39
Joined: Sun Jan 11, 2009 4:51 pm
Has thanked: 0 time
Been thanked: 0 time

Re: specific IP

Postby steve-myers » Sat Jul 14, 2012 11:20 am

There is the idea of restricting TSO access by VTAM terminal ID, but it is rarely used. I've never heard of using an IP address for this purpose. I believe others have already said it's a dumb idea, since workstations seldom have fixed IP addresses, and even if they have fixed IP addresses at your site, users often want to be able to logon from other workstations or from home using a VPN type interface to actually access your site's network.

I think this idea needs some serious rethinking.
steve-myers
Global moderator
 
Posts: 2105
Joined: Thu Jun 03, 2010 6:21 pm
Has thanked: 4 times
Been thanked: 243 times

Re: specific IP

Postby dick scherrer » Sat Jul 14, 2012 11:27 am

Hello,

Why does someone believe this "ip address restriction" is worth investigating? If a user is at my desk or i am at some user's desk, why does it matter if one of us log on via the "other person's" terminal.

I believe there is a big difference between security and paranoia. . .
Hope this helps,
d.sch.
User avatar
dick scherrer
Global moderator
 
Posts: 6268
Joined: Sat Jun 09, 2007 8:58 am
Has thanked: 3 times
Been thanked: 93 times

Re: specific IP

Postby jaggz » Sun Jul 15, 2012 7:57 am

Hi,

Well if you really want to limit the user accessing TELNET.

Please Refer : z/OS V1R11.0 Communications Server IP Configuration Guide z/OS V1R11.0
SC31-8775-16
Check under : TCPIP resource protection.

I hope it helps to accomplish your Objective. If you are part of Security side then its worth testing in sandbox.

Jaggz
User avatar
jaggz
 
Posts: 356
Joined: Fri Jul 23, 2010 8:51 pm
Has thanked: 8 times
Been thanked: 5 times

Re: specific IP

Postby dick scherrer » Sun Jul 15, 2012 8:02 am

Hello,

Please Refer : z/OS V1R11.0 Communications Server IP Configuration Guide z/OS V1R11.0
SC31-8775-16
Check under : TCPIP resource protection.
Does this prevent using a "different" ip address when the ip address is subject to change at each new login?

I'm not familiar with this, but do wonder how one could enforce a limit to one ip address that is dynamic. . .
Hope this helps,
d.sch.
User avatar
dick scherrer
Global moderator
 
Posts: 6268
Joined: Sat Jun 09, 2007 8:58 am
Has thanked: 3 times
Been thanked: 93 times

Re: specific IP

Postby jaggz » Sun Jul 15, 2012 8:05 am

Hi,

I believe OP was trying to Limit the user accessing TELNET(TN3270 server) ?

Jaggz
User avatar
jaggz
 
Posts: 356
Joined: Fri Jul 23, 2010 8:51 pm
Has thanked: 8 times
Been thanked: 5 times

Next

Return to TSO & ISPF

 


  • Related topics
    Replies
    Views
    Last post