Environment
PSSecure
Situation
Resolution
When configuring Client Access, the ability to "Bypass Signon" exists. This is not generally done. Consequently, when signing in via Client Access, there will be two Collected Entries created by Remote Request Management (RRM). One will be server SIGNON, function INFO for the specific user AND an associated Collected TELNET server entry with a User of Anonymous.
When attempting to "promote" the collected TELNET entry, there will be a warning message indicating profile Anonymous does not exist. There will be the option to add Anonymous to RRM. This DOES NOT create a User Profile Anonymous, it is just an entry in RRM (NOTE: the entry could also be changed to User *PUBLIC if Anonymous is not wanted). The "Action" will be *PASS and it may be desirable to make the Network *ALL rather than promoting entries for individual IP addresses. Following is another option:
Most users don't want to rule base (secure) TELNET access so it makes sense to create a simple *PUBLIC rule for TELNET. Limiting the IP may be the only "non-all" field. For example, to allow Telnet for all on-site (157.26.0.0 - 157.26.255.255 addresses considered on-site) users by the following secured entries:
User Network Operation Action Swap Prf
*PUBLIC 157.26.* SIGNON_INFO *PASS
*PUBLIC 157.26.* TELNET_INIT *PASS
Alternately, another option is to create the following Secured Entries to cover this (and more):
User Network Operation Action Swap Prf
*PUBLIC 157.26.* :SIGNON *PASS
*PUBLIC 157.26.* TELNET_INIT *PASS
The second option may be preferred because the ":SIGNON" entry covers all "signon" type operations (not just the SIGNON_INFO operation).