What is the RRM collected entry for TELNET transaction, user Anonymous for? (NETIQKB31052)

  • 7731052
  • 02-Feb-2007
  • 05-Aug-2014


NetIQ Security Solutions for iSeries 8.1
NetIQ Security Solutions for iSeries 8.0
VigilEnt Security Agent for iSeries 7.5
VigilEnt Security Agent for iSeries 5.4/7.0
Remote Request Management (RRM)


What is the RRM collected entry for TELNET transaction, user Anonymous  for? 


When configuring Client Access, the ability to "Bypass Signon" exists. This is not generally done. Consequently, when signing in via Client Access, there will be two Collected Entries created by Remote Request Management (RRM). One will be server SIGNON, function INFO for the specific user AND an associated Collected TELNET server entry with a User of Anonymous.

When attempting to "promote" the collected TELNET entry, there will be a warning message indicating profile Anonymous does not exist. There will be the option to add Anonymous to RRM. This DOES NOT create a User Profile Anonymous, it is just an entry in RRM (NOTE: the entry could also be changed to User *PUBLIC if Anonymous is not wanted). The "Action" will be *PASS and it may be desirable to make the Network *ALL rather than promoting entries for individual IP addresses. Following is another option:

Most users don't want to rule base (secure) TELNET access so it makes sense to create a simple *PUBLIC rule for TELNET. Limiting the IP may be the only "non-all" field. For example, to allow Telnet for all on-site ( - addresses considered on-site) users by the following secured entries:

User            Network                   Operation                     Action                      Swap Prf
*PUBLIC      157.26.*                  SIGNON_INFO           *PASS
*PUBLIC      157.26.*                  TELNET_INIT             *PASS

Alternately, another option is to create the following Secured Entries to cover this (and more):

User            Network                   Operation                     Action                       Swap Prf
*PUBLIC      157.26.*                  :SIGNON                    *PASS
*PUBLIC       157.26.*                 TELNET_INIT             *PASS

The second option may be preferred because the ":SIGNON" entry covers all "signon" type operations (not just the SIGNON_INFO operation).

Additional Information

Formerly known as NETIQKB31052