× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. DOMINO400
  3. January 2006

Re: Domino400 Digest, Vol 4, Issue 8

(IF my memory is correct.) The problem is that the slsetup.exe version of synchronization uses a password hash that is cached/stored in the Windows registry.
There are two different password synchronizations that I have tried with the iSeries, the synchronization that comes with the regular Notes installation (Synchronizes Windows NT and Notes) and the one that uses slsetup.exe which synchronized the 5250 session in addition to synchronizing Windows NT and Notes but made it VERY difficult to change user ids and my research indicated that it was because slsetup version utilized the registry for caching.
If you are able to make the slsetup version work with switching user id's, please let me know.. I'd like to use it.
I also looked into IBM Enterprise Identity Management, however; I could find no proof that it worked with the Notes client. 

Mark


domino400-request@xxxxxxxxxxxx wrote:


Send Domino400 mailing list submissions to
        domino400@xxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.midrange.com/mailman/listinfo/domino400
or, via email, send a message with subject or body 'help' to
        domino400-request@xxxxxxxxxxxx

You can reach the person managing the list at
        domino400-owner@xxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Domino400 digest..."


Today's Topics:

  1. Re: i5/OS Single Logon (Patrick Trapp)
  2. Re: i5/OS Single Logon (rob@xxxxxxxxx)
  3. Re: i5/OS Single Logon (rob@xxxxxxxxx)
  4. Re: JDBC connectivity  (seanmurphy@xxxxxxxxxxx)
  5. Re: i5/OS Single Logon (GKern@xxxxxxxxxxxxxxxx)
  6. Re: Normal CPU? (Patrick Trapp)
  7. Re: JDBC connectivity (Robert Laing)


----------------------------------------------------------------------

message: 1
date: Mon, 9 Jan 2006 15:29:36 -0600
from: "Patrick Trapp" <ptrapp@xxxxxxxxxxxx>
subject: Re: i5/OS Single Logon
We've only installed the Single Sign-On via the actual client install, so I can't say anything about the trouble you had with the installation.
Regarding switching to a different ID, I do that all the time here. My administrator and my user IDs have different passwords, and when I switch from one to the other, I get the error screen and then I get the password prompt. How are you switching IDs? Are you just using File - Security - Switch ID? Or do you have a location document with the ID's path listed on the advanced tab? I think they have both worked for me, but one might work better for you than the other. I prefer using the Location documents myself since it takes care of the mail file, too. 

Patrick
GKern@xxxxxxxxxxxxxxxx Sent by: domino400-bounces+ptrapp=nex-tech.com@xxxxxxxxxxxx 
01/09/2006 02:14 PM
Please respond to
Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx>


To
domino400@xxxxxxxxxxxx
cc

Subject
Re: i5/OS Single Logon
I tried it this morning. First off, using the nnslinst.nsf on my server (R6.5.1) and detaching the slsetup.exe resulted in an error during the install. The error message was "Error - Unable to find Lotus Notes". Funny since LN has been on this pc for almost 5 years. So I downloaded the same nsf from an IBM FTP Site. This one did install without problem. I rebooted, logged on, opened notes and sure enough I wasn't prompted for a password. That was nice. I then started CA express sessions, and it did bypass the initial iSeries access logon prompt, and it went straight to the 5250 emulation sign on screens. That alone eliminated two instances of where I would normally enter my user id and/or password. Then I tried to switch users in Notes to the admin account. It failed with an error indicating the password didn't match. It didn't give me the option to enter another password either - so that squashes any hope for my using this since I, and the win network admin, are both notes admin and his network admin password is different that the notes admin password. (Since we share notes admin duty but not windows admin duty - we can't have the same passwords for obvious reasons - and for hipaa reasons too.) It would be nice if this application allowed you to specify which user id's are single signon candidates, and which should bypass sso.
So the proof of concept was somewhat acceptable. The only other problem is that not all of our users have windows and iseries profiles with the same value. So that means either changing the iseries profiles and assuming the baggage associated with that (IMO - unacceptable) or doing a name change of the windows network users and also then cleaning up all the associated details such as shares, network storage etc... and I'm not the windows guy so I don't know what's involved from the windows perspective regarding that. But this does make a good case for instituting a policy that windows logons and iseries profiles should be the same for all future employees. 
Regards, Jerry

Gerald Kern - MIS Project Leader
Lotus Notes/Domino Administrator
IBM Certified RPG IV Developer
The Toledo Clinic, Inc.
4235 Secor Road
Toledo, OH 43623-4299
Phone 419-479-5535
gkern@xxxxxxxxxxxxxxxx
*****
This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. 
_______________________________________________
This is the Lotus Domino on the iSeries / AS400 (Domino400) mailing list
To post a message email: Domino400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/domino400
or email: Domino400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/domino400.




------------------------------

message: 2
date: Tue, 10 Jan 2006 08:24:01 -0500
from: rob@xxxxxxxxx
subject: Re: i5/OS Single Logon
While some people feel that having the same password for windows and iSeries is opening up "real" data to hackers and just go into convulsive fits I feel that forcing 32 passwords on everyone just means more post-it notes on the terminal. Our documented workflow process (Notes based) for creating new profiles has their windows account and their iSeries account the same. The users can use different passwords if they want to though. 

Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.