Remote Sign-On Control (QRMTSIGN)

The Remote Sign-On Control (QRMTSIGN) system value specifies how the system handles remote sign-on requests.

Examples of remote sign-on are display station pass-through from another system, the workstation function of the IBM® i Access licensed program, and TELNET access.

Note: This system value is a restricted value. See Security system values for details on how to restrict changes to security system values and a complete list of the restricted system values.
Table 1. Possible values for the QRMTSIGN system value:
*FRCSIGNON Remote sign-on requests must go through the normal sign-on process.
*SAMEPRF When the source and target user profile names are the same, the sign-on display can be bypassed if automatic sign-on is requested. Password verification occurs before the target pass-through program is used. If a password that is not valid is sent on an automatic sign-on attempt, the pass-through session always ends and an error message is sent to the user. However, if the profile names are different, *SAMEPRF indicates that the session ends with a security failure even if the user entered a valid password for the remote user profile.

The sign-on display appears for pass-through attempts not requesting automatic sign-on.
*VERIFY The *VERIFY value allows you to bypass the sign-on display of the target system if valid security information is sent with the automatic sign-on request. If the password is not valid for the specified target user profile, the pass-through session ends with a security failure.

If the target system has a QSECURITY value of 10, any automatic sign-on request is allowed.

The sign-on display appears for pass-through attempts not requesting automatic sign-on.
*REJECT No remote sign-on is permitted.
  For TELNET access, there is no action for *REJECT.
program-name library-name The program specified runs at the start and end of every pass-through session.

Recommended value: *REJECT is recommended if you do not want to allow any pass-through or IBM i Access access. If you do allow pass-through or IBM i Access access, use *FRCSIGNON or *SAMEPRF.

The Remote Workstation SupportLink to PDF book contains detailed information about the QRMTSIGN system value. It also contains the requirements for a remote sign-on program and an example.