Securing AS400 Server Connection channel

[mqbrowser]

Does anyone know how to secure a server connection channel on the AS400? We have NT(WIndows 2000) machines connecting as MQ clients to the AS400. The AS400 doesn't seem to be authenticating the user on the NT box. We would like to have only certain IP addresses the ability to connect to the AS400. I understand the only way to do this is to write a channel security exit. Has anyone done this before? Is there a better way to lock down the AS400?

Thanks,
Vinoo Palayoor

 

[pmeekin]

Unfortunately there is no other way of providing access control based upon a userid other than to code a security exit and there are several samples around. To simply check the IP address would be relatively easy.

However, depending upon what your requirements are, you could set up a SVRCONN channel that provided limited authority, although anyone could connect.

To do this, set up a userid on the AS/400 that has the privileges necessary, e.g. Inquire queues, browse Dead Letter Queue etc. Then, specify this userid as the MCA user on the SVRCONN channel. That way, although anyone can connect via this channel, they will be restricted in what they can do.

Cheers,
Paul