Negative

if you ever find a way to gain admin on an AS400
Here is how I gained QSECOFR authority (root) on an AS/400. I'm not sure if you would call it social engineering. persistance, or what.

As a network tech working on Novell and NT servers I had little experience with a 400 and asked a lot of questions of one of the programmers who also happened to have QSECOFR authority. I would ask if I could watch as he created user accounts, asked about what the different commands were, and since he was very proud of his abilities with a green screen he shared a lot.

One day I asked how I could learn to do that and he was more than happy to set me up a training account and give me access to their training library which consisted of libraries on the 400, audio tapes, workbooks etc. After going through all the courses I asked if I could have some authority on the machine and an area to practice playing around and he had no problem "taking me under his wing" and giving me a few lessons.

After I started getting pretty good with the 400 and had also been promoted to the network Admin I made the suggestion that heck seeing as I do all the security for the network servers, the e-mail server, and the citrix server it would sure be nice to do the security for the 400 too. Then one person could just take care of all those security requests at once, he could program and not worry about granting access. That went over like a lead balloon and the answer was a big NO.

I persisted though and over the course of almost a year I mentioned that possability over and over to him, to our boss, to our bosses boss and all of a sudden it did seem like a good idea and I gained QSECOFR access to the 400.

Gotta tell you it was a heck of a lot of fun getting into the guts of the system and poking around all the different commands. Within a few weeks I understood more about the security of the 400 than my programmer friend. Someday I might post how an accidental emergency shutdown was initiated on the 400 during heavy production time ,with no way to stop it. Boy gotta be more carefull poking around with some of those commands <grin>