EIM works pretty good, as long as all the applications in your environment support EIM. Some applications don't (like content manager). But for those things that do (5250) it works great.

Be sure to have the following PTF's so you don't have to scratch your head why your windows 2008 (or above) domain controllers that are handing out Kerberos tickets is failing. It wasn't long ago that the IBM i only supported DES Kerberos where as Microsoft moved to AES years ago as the default Kerberos encryption routine, and thus causes problems with Kerberos authentication, causing windows server operators to "dumb down" the encryption to the old DES standard rather then embrace the new, more secure Kerberos encryption standards.

Fix Release Description
--------- --------- ----------------------------
SI42919 V7R1 Adds AES & RC4 encryption support (krb)
SI42957 V6R1 " "
SI43034 V5R4 " "

SI43918 V7R1 Updates KRB5 header file in QSYSINC
SI43919 V6R1 " "
SI43920 V5R4 " "


-----Original Message-----
From: Matt Lavinder [mailto:mlavinder@xxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, February 19, 2014 3:05 PM
To: midrange-l@xxxxxxxxxxxx
Subject: EIM Domain and SSO

We have been investigating single-sign-on I am looking at following the document here ( for creating a SSO test environment.
I get a bit nervous about making changes as we do not have a test system. Will the act of creating a new EIM domain have any impact on existing users or objects?
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at

This thread ...


Return to Archive home page | Return to MIDRANGE.COM home page