Expert: Pete Mayhew - 9/10/2009

Question
Hello,
Is there a way to limit a user logging in to AS/400 from single PC?  Due to a security concern, we have a single user that we want to force to login to the AS/400 in a dedicated PC on the network (can have multiple sessions on that PC).  We don't want that person to login on AS/400 from other PCs on the network.  This would only be applies to that particular user, NOT all users.  We are running OS/400 V5R4 with Client Access software the same version.

Thank you in advance for your help.

Answer
I don't believe there is a way to restrict a specific user from logging in from multiple devices natively on the AS/400. There is no real link between a user profile and a device name. That being said, you could probably write a small program that would do this though. There is an option in the user profile which specifies a program to be called when a user logs in. You could retrieve the job information, extract the device name (it is part of the job name), then compare that to the devices the user is allowed to login from. If it is not allowed, then issue a SIGNOFF *LIST command (so you have proof..), otherwise, continue to the user's menu.
I am not able to help you with writing such a program though, that is not my expertise.

Pete

Additional info.  I called in a favor from a programmer I know. (this sounded like something I might use one day). His response was essentially the same. Write a CL program that does a RTVJOBA and passes the user name and device name parms to the program. Then test for the 'correct' device name(s). If it is not allowed, issue a SIGNOFF *LIST, otherwise END, and let it go to the intial menu in the user profile. The 'test' program is added to the INLPGM entry of the user profile.

Pete