EIM and SSO is not new software - it is all on the system already and has been since at least V5R2.

It is all configuration - and that would involve some dollars, due to time, at least.

EIM is nicely described as a mapping from Windows user names to IBM i user names - they don't have to be the same, nor do the passwords need to be the same - once authenticated by Windows AD, IBM i trusts the Active Directory server, so you are let in the door at Joe's Pool Hall and Emporium.

Synchronizing becomes a non-issue.

Hope that makes a little sense, and even more that it is germane to your post!

On 4/3/2014 4:13 PM, Buzz Fenner wrote:

Sorry, I neglected to be more detailed in my description of the problem.
One, we have a mix of users - some have only windows profiles & some ibm
profiles. Two, and more importantly, adding more software (i.e. more $) is
not a good option right now.

Last night, I started playing around with the idea of writing an attention
key program for the i utilizing either the qibm_qsy_chk_passwrd exit program
or qsychgpw api. That way, it'll get checked for compliance with the sysval
password rules. Otherwise, I'd have to code the rules in RPGLE (easy
enough), possibly using a regex expression (thanks Scott!).

I've used MS Powershell scripts to change user account passwords before;
should be able to fire a script using qsh, or something along those lines
from a cle.

Thanks for the ideas...


This thread ...


Return to Archive home page | Return to MIDRANGE.COM home page