In the connected IBM i environment, signon screens are projected to terminal emulation software throughout the network and even over the Internet for users that are accessing the system from remote locations. As a result, the signon screen standard context can be easily recognized by people with malicious intent and scrubbed (sniffed) for user id and password information. The the classic signon screen also presents a field that could provide a saavy user with a way to bypass your intended signon process sequence. See for yourself by running QCMD in the "Program/procedure" field.
Source code for the standard signon screen is stored in a source physical file named QAWTSSRC in library QSYS. In this source file, you will find two sets of code for the two possible standard screens on your system, QDSIGNON and QDSIGNON2. The first is used when you have standard 10 character passwords configured and the latter is used when you have set your system up for long (128 character) passwords/pass-phrases.
NOTE: copy the source to your own library for changes, to preserve the originals from IBM
Use Screen Design Aid (SDA, PDM option #17) to edit the code. Consider the following:
Remove the text field for the "Program/procedure" field and change the PROGRAM field so that it is non-display. This will keep the integrity of the signon screen while preventing this field from being used.
Compile the screen into a library other than QSYS. Then update the subsystem description to implement the new screen. You can use the Change Subsystem Description (CHGSBSD) command; press the F10 key to display all parameters and you'll find one that controls the signon screen in use. Test your new screen in the QPGMR subsystem to make sure it works as desired before rolling it out to QINTER and other production subsystems.
We DO NOT RECOMMEND using an alternate signon screen for your system console, which is typically associated with the QCTL subsystem.
