+1 - there's a nice tutorial in developerworks on setting up SSO with
EIM and IBM's Kerberos implementation on the i. Here's the link -
It's not ALL that hard to set up SSO, once you get over some hurdles -
it only took a month and a half, with help from ISV support, to find out
it's easy - now that also involved using the EIM APIs to enable a web
application for SSO - more than just using the wizard in IBM i access.
Getting all your users into EIM can be fussy, and IBM Lab Services (I
think) and Pat Botz have tools for facilitating this. And Pat provides
ongoing support that includes dealing with changes by Microsoft in their
AD and Windows configuration stuff.
On 4/2/2014 3:22 PM, DrFranken wrote:
This is precisely what EIM and Kerberos are about. Dump your IBM i
Passwords completely (except for admins) and just use the one in Windows.
If you truly need everyone to be able to sign on independently to IBM i
without using any windows workstations then this is likely not the right
solution for you.
- Larry "DrFranken" Bolhuis
On 4/2/2014 3:37 PM, Buzz Fenner wrote:
Looking to create a new process to facilitate password change on our i &
Windows domain. Until recently, we were on a Model 520 that housed two IXS
cards. On one of those cards was our W2K3 DC. With the help of User
Enrollment on the i, we sync'd up account passwords; a user account on the i
took care of performing password maintenance on the DC.
Fast forward to today with a new server and no more Windows integration; I
have to redo that process. Just wondering how other folks have addressed the
Business Systems Analyst/Systems Administrator
City Water & Light
870.930.3374 | 870.219.5229