On Monday, 06/08/2009 at 02:49 EDT, Michael Coffin <michaelcof...@mccci.com> wrote:
> We have a bunch of users that are DB2 for VM Stored Procedure servers. They > get autologged and run some DB2 code that allows work to be offloaded onto > them. When we changed their passwords to be LBYONLY the process stopped > working. Nobody seemed to know HOW these servers actually get autologged, so > I dug through some system logs from prior to the change and found this: > > AUTO LOGON *** SQLP0001 USERS = 101 BY SQLP0001 > > Is that the darnedest thing you ever saw?!?!? How can a virtual machine > which is NOT logged on execute AUTOLOG, and if it IS logged on and can > execute AUTOLOG, then it cannot be AUTOLOGged! This started the whole > "chicken and egg" analysis of course, and we were forced to make these very > unusual servers AUTOONLY (with many comments documenting this oddity in their > VM:Secure server profile!). What you are seeing is an APPC Private Server request. That is, APPCVM CONNECT to LU *USERID SQLP0001. Requests can come in locally or via LU 6.2 (AVS & VTAM) from a remote system. > PS: There is one other group of users that cannot use LBYONLY or AUTOONLY, if > a server (that normally runs disconnected) is the subject of FTP operations, > the FTP login authentication will fail with either LBYONLY or AUTOONLY as the > password. If someone knows of a clever way around this, I'd love to hear it > ..... :) An AUTOONLY user cannot be used for authentication (obviously). An LBYONLY user must authenticate with their own user ID. E.g. enter maint.by.michael when ftp prompts for your user ID. Alan Altmark z/VM Development IBM Endicott