What security risk is involved when using a profile with INLMNU(*SIGNOFF).
We have a separate partition (LPAR) which is being used as a file server. On this I have created profiles matching the user's Windows account. This is different from the user's AS400 user id used to sign on to the production partition.
On the file server the profiles (matching Windows user account but different from production user id) have the password set to Windows user account and the INLMNU(*SIGNOFF). My understanding is that the profile could not sign on.
On the file server (AS400 partition) the IFS is used to create a folder /home/<Windows Account> and the security is set to only allow <Windows Account> access. A map is created in the user's Windows log on script to map a Windows network drive to the IFS folder.
This all works file but today the concern was raised that someone (with proper knowledge) could map a drive to an other user's folder on the IFS connecting as <Windows Account>/<Windows Account>.
At present and for the forseeable future the files which will be stored in a user's folder will be Excel documents created from historical data. No production data exists on the file server.
Is this opening us up to a large security risk?
I would ap0preciate your comments.
Thanks in advance,
January 4, 2007 9:11 PM
January 8, 2007 10:22 AM