EIM and SSO is not new software - it is all on the system already and
has been since at least V5R2.
It is all configuration - and that would involve some dollars, due to
time, at least.
EIM is nicely described as a mapping from Windows user names to IBM i
user names - they don't have to be the same, nor do the passwords need
to be the same - once authenticated by Windows AD, IBM i trusts the
Active Directory server, so you are let in the door at Joe's Pool Hall
Synchronizing becomes a non-issue.
Hope that makes a little sense, and even more that it is germane to your
On 4/3/2014 4:13 PM, Buzz Fenner wrote:
Sorry, I neglected to be more detailed in my description of the problem.
One, we have a mix of users - some have only windows profiles & some ibm
profiles. Two, and more importantly, adding more software (i.e. more $) is
not a good option right now.
Last night, I started playing around with the idea of writing an attention
key program for the i utilizing either the qibm_qsy_chk_passwrd exit program
or qsychgpw api. That way, it'll get checked for compliance with the sysval
password rules. Otherwise, I'd have to code the rules in RPGLE (easy
enough), possibly using a regex expression (thanks Scott!).
I've used MS Powershell scripts to change user account passwords before;
should be able to fire a script using qsh, or something along those lines
from a cle.
Thanks for the ideas...