|
Name |
|
Date |
Size |
#Lines |
LOC |
| .. | | 03-May-2022 | - |
| curses/ | H | 22-Nov-2008 | - | 2,519 | 1,860 |
| doc/ | H | 22-Nov-2008 | - | 1,325 | 1,233 |
| freebsd/ | H | 03-May-2022 | - | 726 | 620 |
| lib5250/ | H | 03-May-2022 | - | 27,150 | 18,629 |
| linux/ | H | 22-Nov-2008 | - | 1,106 | 1,021 |
| lp5250d/ | H | 22-Nov-2008 | - | 2,923 | 2,137 |
| python/ | H | 22-Nov-2008 | - | 4,004 | 3,500 |
| slang/ | H | 22-Nov-2008 | - | 1,255 | 885 |
| sun/ | H | 22-Nov-2008 | - | 448 | 376 |
| win32/ | H | 03-May-2022 | - | 6,974 | 4,902 |
| AUTHORS | H A D | 23-Jul-2003 | 369 | 17 | 16 |
| COPYING | H A D | 20-Mar-2002 | 23.8 KiB | 459 | 386 |
| ChangeLog | H A D | 22-Nov-2008 | 92.9 KiB | 2,137 | 1,706 |
| INSTALL | H A D | 22-Nov-2008 | 9.3 KiB | 237 | 179 |
| Makefile.am | H A D | 21-Nov-2008 | 676 | 37 | 11 |
| Makefile.in | H A D | 03-May-2022 | 21.4 KiB | 708 | 608 |
| NEWS | H A D | 05-May-2005 | 880 | 22 | 18 |
| README | H A D | 05-May-2005 | 3.6 KiB | 96 | 70 |
| README.ssl | H A D | 31-Oct-2001 | 9.3 KiB | 226 | 160 |
| TODO | H A D | 05-May-2005 | 968 | 42 | 27 |
| XTerm | H A D | 04-Sep-2001 | 2.2 KiB | 57 | 53 |
| aclocal.m4 | H A D | 22-Nov-2008 | 260 KiB | 7,428 | 6,673 |
| compile | H A D | 22-Nov-2008 | 3.6 KiB | 143 | 79 |
| config.guess | H A D | 22-Nov-2008 | 44.4 KiB | 1,543 | 1,328 |
| config.h.in | H A D | 22-Nov-2008 | 5.2 KiB | 202 | 135 |
| config.sub | H A D | 22-Nov-2008 | 33 KiB | 1,678 | 1,533 |
| configure | H A D | 22-Nov-2008 | 772.7 KiB | 24,998 | 20,144 |
| configure.ac | H A D | 21-Nov-2008 | 7.9 KiB | 249 | 229 |
| depcomp | H A D | 22-Nov-2008 | 15.6 KiB | 531 | 330 |
| install-sh | H A D | 22-Nov-2008 | 9 KiB | 324 | 189 |
| ltmain.sh | H A D | 28-Jun-2007 | 194.3 KiB | 6,931 | 5,472 |
| missing | H A D | 22-Nov-2008 | 10.8 KiB | 361 | 268 |
| xt5250.in | H A D | 22-Nov-2005 | 2.7 KiB | 114 | 70 |
README
1tn5250 README
2------------------------------------------------------------------------------
3
4This is an implementation of the 5250 telnet protocol. It was originally an
5implementation for Linux, but it has been reportedly compiled on a number
6of other platforms. Contributed keyboard maps and termcap entries for
7FreeBSD are in this tarball as well (see freebsd/README for more information).
8
9This, the 0.17.x series, is the development series and may cause severe
10headaches and stomach cramps, if only due to the quality of code :) If you
11are looking for a stable emulator, get the latest 0.16.x version. Even so,
120.17.x is quite stable and in production at several sites. Furthermore, for
13the enhanced 5250 protocol 0.17.x is required.
14
15Building from CVS
16=================
17
18Skip to ``Building and Installing'' below if you got these sources from a
19.tar.gz release file or a CVS snapshot (as opposed to using `cvs checkout'
20or `cvs update' to retreive the sources).
21
22Certain files, such as the libtool support files and some shell scripts
23which replace possibly missing commands on the target system are not in
24CVS because we don't maintain them. They can be installed with the
25following command:
26
27 ./autogen.sh
28
29This command requires current versions of the following packages, and the
30generated files may not work properly.
31
32 automake
33 autoconf
34 libtool
35
36You may receive an error the first time you run this script. If so, run
37the script a second time to make sure you don't get an error (this is a bug
38with automake).
39
40
41Building and Installing
42=======================
43
44To build the emulator simply type the following:
45
46 ./configure
47 make
48 make install
49
50Additional (but decidedly generic) installation instructions are available
51in the file `INSTALL' included in this distribution. Installation
52instructions specific to your platform exist if you are using Linux or
53FreeBSD -- they are in the linux/ and freebsd/ directories, respectively.
54Please read these before telling us that the function keys don't work ;-)
55
56The emulator uses the ncurses library for manipulating the console. Make
57sure you have the ncurses development libraries installed before trying to
58compile the source. There have been both reports of the standard BSD curses
59working and not working, so you may have to install GNU curses (ncurses)
60under *BSD.
61
62X Windows
63=========
64
65To use the emulator under X Windows, use the provided `xt5250' shell script,
66which sets up a standard `xterm' (it will *not* work with an `nxterm' or an
67`rxvt' terminal).
68
69There is one common problem which would cause xt5250 to flash once on the
70screen then disappear. If the termcap or terminfo entry for the `xterm-5250'
71terminal type does not exist, the `xterm' will exit immediately.
72
73x5250 is an X11 front end (which does not use xterm) written by James Rich.
74It can be found at http://www.chowhouse.com/~james/x5250.
75
76Other Information
77=================
78
79Other information is available on the web.
80
81http://tn5250.sourceforge.net/ - linux5250 Homepage
82http://www.midrange.com/linux5250.shtml - linux5250 List Info
83http://archive.midrange.com/linux5250/index.htm - linux5250 List Archives
84http://sourceforge.net/projects/tn5250/ - linux5250 at Sourceforge
85http://perso.libertysurf.fr/plinux/tn5250-faq.html - linux5250 FAQ
86http://www.chowhouse.com/~james/tn5250-HOWTO.pdf - linux5250 HOWTO
87
88Comments, questions, bug reports and patches are much appreciated - please
89subscribe to the list and post them there if at all possible. If that's too
90much trouble, email one of the maintainers below:
91
92Jason M. Felice <jasonf@nacs.net>
93Michael Madore <mmadore@blarg.net>
94
95Enjoy!
96
README.ssl
1 HOW TO SET UP / USE TN5250 WITH SSL
2
3It is possible to configure your AS/400 and tn5250 to encrypt and protect
4it's conversation using the SSL/TLS protocol. This document tells you how.
5
6SETTING UP YOUR SERVER:
7
8 This section assumes that your AS/400 and TELNET server have not yet
9 been set up to use SSL, and that you wish you create & sign your own
10 SSL certificates (as opposed to buying them from VeriSign on similar
11 company)
12
13 If your system is already set up for SSL, please skip to step 7.
14
15 1) You must install the following software on your AS/400:
16 -- Digital Certificate Manager, option 34 of OS/400 (5769-SS1)
17 -- IBM HTTP Server for AS/400 (5769-DG1)
18 -- IBM Cryptographic Access Provider (5769-ACx or 5649-ACx)
19
20 The first two options are included on your OS/400 CDs. The
21 Cryptographic Access Provider must be ordered from IBM, and you
22 may get a different option, depending on the laws in your country
23 regarding encryption, and the model of AS/400 you have. At the
24 time of this writing, IBM supplies the C.A.P. at no charge.
25
26 If you're given a choice, you'll want to install 5769-AC3, as
27 it has the best cryptography.
28
29 2) Start the HTTP *ADMIN server in order to configure your Digital
30 Certificate Manager. From the AS/400, type:
31 STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
32
33 3) With a web browser, connect to your AS/400's admin server:
34 http://as400.example.com:2001
35
36 4) Click "Digital Certificate Manager", then "Certificate Authority (CA)"
37 then "Create a Certificate Authority." Fill out the forms, etc.
38
39 6) Click "System Certificates". IF you haven't done so already,
40 click "Create new certificate store" and follow the prompts for
41 creating the *SYSTEM certificate store.
42
43 7) Select "Work With Secure Applications". Select
44 "QIBM_QTV_TELNET_SERVER", then click the
45 "Work with system certificate" button. It should tell you
46 that your telnet server has your system certificate assigned
47 to it. IF not, you can assign it here.
48
49 8) Now you have to start your telnet server on the AS/400. If it
50 is already running, you'll have to end it, and start it again.
51 On the AS/400, type:
52 ENDTCPSVR SERVER(*TELNET)
53 STRTCPSVR SERVER(*TELNET)
54
55 9) Now, verify that your SSL-enabled Telnet server is running.
56 on the AS/400, type NETSTAT *CNN. Press F14 to display
57 the port numbers. Look for a server that's in "Listen"
58 state on port 992. This is the SSL telnet server.
59
60If you have problems, or need more detailed information on how to set
61up the TELNET-SSL server on the AS/400, see the TCP/IP configuration area
62of the iSeries Information Center.
63
64Here's a link to the TELNET section of the Information Center online:
65http://publib.boulder.ibm.com/pubs/html/as400/v4r5/ic2924/info/RZAIWGETSTART.HTM
66Click "Telnet server and SSL" to get started.
67
68
69CONFIGURING TN5250 TO USE SSL:
70
71 1) You must have OpenSSL installed on your Linux/FreeBSD (etc) machine
72 before building tn5250 if you want it to use SSL. If you don't
73 already have it, you can get it from http://www.openssl.org
74
75 2) One of the first steps of building TN5250 is to run ./configure.
76 To ensure that SSL support is compiled in, type ./configure --with-ssl
77 instead of just ./configure. (If you omit the --with-ssl, the
78 script may still use OpenSSL. The --with-ssl option really just tells it
79 to report an error if OpenSSL cannot be found)
80
81 3) Build tn5250 as normal. (after configure type 'make' then 'make install'
82 see the README file for more information)
83
84 4) To tell TN5250 to use SSL when you connect to your AS/400, prefix
85 the hostname with ssl: in your configuration. For example,
86 type: tn5250 ssl:as400.example.com
87
88 At this point, your TN5250 session should be encrypted when sent over
89 the network. However, you should also consider telling tn5250 to verify
90 the server's certificate when connecting.
91
92
93VERIFYING YOUR SERVERS CERTIFICATE:
94
95 It is a good idea when using SSL to verify the certificate that your
96 telnet-ssl server is sending to tn5250. This ensures that you are
97 communicating with the server that you think you are, and that your
98 connection is not being "hijacked" by a 3rd party.
99
100 1) If it's not already running, start the AS/400's HTTP *ADMIN server
101 by typing: STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
102
103 2) Connect to the Admin server with a web browser:
104 http://as400.example.com:2001
105
106 3) Click "Digital Certificate Manager", then "Certificate Authority (CA)"
107 then "Install CA certificate on your PC", then click
108 "Copy and paste certificate"
109
110 4) Highlight the certificate that is displayed with your mouse. Make
111 sure that you include the "----BEGIN CERTIFICATE-----" and the
112 "----END CERTIFICATE-----" in the selection. Copy & paste this
113 information into a file on your Linux/FreeBSD machine. For our
114 example, we'll call this file "as400_ca.pem"
115
116 5) Set up tn5250 to verify the server's certificate using the
117 +ssl_verify_server keyword and the ssl_ca_file= option.
118
119 for example, type the following (as one line):
120 tn5250 +ssl_verify_server ssl_ca_file=/path/to/as400_ca.pem
121 ssl:as400.example.com
122
123
124USING TN5250 WITH SSL CLIENT CERTIFICATES:
125
126Some versions of OS/400 allow you to require client authentication in
127the Telnet server. If your AS/400 is set up this way, here's how you
128telnet TN5250 to use certificates & a private key:
129
130 1) If it's not already running, start the AS/400's HTTP *ADMIN server
131 by typing: STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
132
133 2) Connect to the Admin server with a web browser (I used Netscape
134 Navigator 4.77 in my tests):
135 http://as400.example.com:2001
136
137 3) Click "Digital Certificate Manager", then "Certificate Authority (CA)"
138 then "Install CA certificate on your PC", then click
139 "Receive certificate"
140
141 4) Netscape brings up the "New Certificate Authority" wizard. Follow
142 the prompts, until you can finally click "Finish".
143
144 5) Click "User Certificates", then "Request a new user certificate",
145 Fill out the form and click OK.
146
147 6) Netscape brings up the "Generate A Private Key" wizard. Follow
148 the prompts. The password you assign it is only temporary,
149 but you should assign it one. Maybe "tn5250" is a good password.
150
151 7) After filling out your password, and waiting a second or two, you
152 should come to a screen that says "User Certificate Created
153 Successfully". Click "Receive Certificate".
154
155 8) The certificate should be downloaded into your web browser. It
156 may not tell you that it did anything, so don't be surprised if
157 nothing seems to happen.
158
159 9) On the Netscape "Navigation Toolbar" click the "Security" button.
160 (This is the button that looks like a padlock). Then under
161 "Certificates", click on "Yours".
162
163 10) The certificate that you just generated should appear, along with
164 any other private-key certficates that you have in your browser.
165 Highlight the cert that you just generated, and click "Export".
166
167 11) It asks for a password. Type the password that you used in step 6.
168
169 12) It asks for a new password. Type the same password again.
170 Then type it one more time to verify it. :)
171
172 13) Save the exported certificate to a file called "tn5250.p12"
173 It will tell you that the certificate has been successfully
174 exported. Good work!
175
176 14) Unfortunately, Netscape likes to save the certificate in pkcs12
177 format, which doesn't do us much good. We need it in PEM format!
178 Back at your *BSD/Linux/Unix/etc prompt type:
179
180 openssl pkcs12 -clcerts -in tn5250.p12 -out tn5250.pem
181
182 15) It asks for the "Import Password". This is the same password
183 that you assigned it in Step 12.
184
185 16) It says "Enter PEM pass phrase". This is, yet another, password.
186 However, this is the important one that you will be using from
187 this point on. You might want to write it down.
188
189 17) Now, finally, to tell tn5250 to use this certificate that you
190 just received, use the ssl_cert_file keyword. Here's an example:
191
192 tn5250 ssl_cert_file=/home/klemscot/tn5250.pem ssl:as400
193
194 18) It should ask you for your PEM pass phrase. This is the password
195 that you typed in Step 16.
196
197 19) If you don't want to type your PEM pass phrase each time, you can
198 use the ssl_pem_pass keyword to assign it. For example, you
199 might type the following (as one line):
200
201 tn5250 ssl_cert_file=/home/klemscot/tn5250.pem
202 ssl_pem_pass=mmmbeer +ssl_verify_server ssl:as400.example.com
203
204
205USING SSL IN A CONFIGURATION FILE:
206
207Since these commands are getting sort-of long, you'll probably want to use
208a configuration file.
209
210If you want to use a config file (~/.tn5250rc or /usr/local/etc/tn5250rc)
211with tn5250, set it up like this:
212
213 session1 {
214 host = ssl:as400.example.com
215 +ssl_verify_server
216 ssl_ca_file = /path/to/as400_ca.pem
217 ssl_cert_file = /path/to/tn5250.pem
218 ssl_pem_pass = mmmbeer
219 [ .. other options can go here ... ]
220 }
221
222And start tn5250 like this:
223
224 tn5250 session1
225
226