SQL Logon Requests

This guide takes you through the basic steps to authenticate *SQL exit point logon requests such as those originating from an ODCB database.

Prerequisites

Ensure that the SecurID software is loaded and the relevant software keys have been applied.
SecurID controls a single subsystem, called 'ACEDTI’. This should be reviewed on a regular basis to ensure that it is active. Where possible, you should modify your system start-up program to run the command @ACE/STRACEDTI.
Any IBM i profile name(s) used when following this guide, must be able to authenticate with an RSA Authentication Manager.
Additional software, referred to as “Remote Authentication software” must be installed. For details, see the Installing SecurID Remote Authentication section in the Powertech RSA SecurID Agent for IBM i Installation Guide on the Fortra Support Portal.

NOTE: To configure the SecurID Agent for communications between your IBM i system and the Windows machine that will be originating the *SQL logon requests, see Configuring Port Connections in Managing Authentication for Exit Point Logon Requests.

Authenticating *SQL Logon Requests

From the Master Menu, select option 10, Work with Client Application Availability. The Work with Available PC Support Apps screen appears.
If *SQL does not exist in the displayed list, press F6 (Create) to select it from a list. If the application name does exist in the list, enter 2 next to it and press ENTER. The Maintain PC Support Availability screen appears.
- Enter the following values:

Authentication requests: S
NOTE: S indicates SecurID will require authentication only for profiles set to Y (under the SecurID column) in the Work with Profiles for SecurID Agent screen. A indicates all profiles will require authentication. If this field is left blank, SecurID will not authenticate this exit point for any profile (even if Activate PCS Checking has been set to Y in the Activate-De-activate PCS Validation screen).

Press Enter.

Press F3 to exit the program, and return to the Master Menu.
From the Master Menu, select option 4, Activate/de-activate remote authentication option, and press ENTER.
Set Activate PCS checking? to Y and press Enter.
After registering the agent’s exit program against the SQL Exit Point, the IBM i Host Servers will most likely require re-cycling. To re-cycle, either IPL the system, or end and restart the Host Severs without performing an IPL. To end and restart the Host Severs:
1. Run the command: ENDHOSTSVR SERVER (*FILE)
2. Run the command: ENDHOSTSVR SERVER (*DATABASE)
3. Run the command: ENDSBS SBS (QSERVER), and wait until the subsystem has ended.
4. Run the command: ENDSBS SBS (QUSRWRK), and wait until the subsystem has ended.
5. Run the command: STRSBS SBS (QSERVER), and wait until the subsystem has started.
6. Run the command: STRSBS SBS (QUSRWRK), and wait until the subsystem has started.
7. Run the command: STRHOSTSVR SERVER (*FILE)
8. Run the command: STRHOSTSVR SERVER (*DATABASE)

See Configuring SecurID Remote Authentication to map and sync IBM i users with the PC.

See Authenticating Exit Point Logon Requests to authenticate logon requests from your PC.

Copyright © Fortra, LLC and its group of companies.
All trademarks and registered trademarks are the property of their respective owners.
9.13 | 202403280913 | March 2024