MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » April 2014

Re: Synchronized Passwords accross IBM i & Active Directory



fixed

+1 - there's a nice tutorial in developerworks on setting up SSO with EIM and IBM's Kerberos implementation on the i. Here's the link -

http://www.ibm.com/developerworks/ibmi/library/i-sso/index.html

It's not ALL that hard to set up SSO, once you get over some hurdles - it only took a month and a half, with help from ISV support, to find out it's easy - now that also involved using the EIM APIs to enable a web application for SSO - more than just using the wizard in IBM i access.

Getting all your users into EIM can be fussy, and IBM Lab Services (I think) and Pat Botz have tools for facilitating this. And Pat provides ongoing support that includes dealing with changes by Microsoft in their AD and Windows configuration stuff.

Good luck
Vern

On 4/2/2014 3:22 PM, DrFranken wrote:
This is precisely what EIM and Kerberos are about. Dump your IBM i
Passwords completely (except for admins) and just use the one in Windows.

If you truly need everyone to be able to sign on independently to IBM i
without using any windows workstations then this is likely not the right
solution for you.

- Larry "DrFranken" Bolhuis

www.frankeni.com
www.iDevCloud.com
www.iInTheCloud.com

On 4/2/2014 3:37 PM, Buzz Fenner wrote:
All,



Looking to create a new process to facilitate password change on our i &
Windows domain. Until recently, we were on a Model 520 that housed two IXS
cards. On one of those cards was our W2K3 DC. With the help of User
Enrollment on the i, we sync'd up account passwords; a user account on the i
took care of performing password maintenance on the DC.



Fast forward to today with a new server and no more Windows integration; I
have to redo that process. Just wondering how other folks have addressed the
problem!



--

Buzz Fenner

Business Systems Analyst/Systems Administrator

City Water & Light

870.930.3374 | 870.219.5229

bfenner@xxxxxxxxxxxxxxxx









Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact