|
There are two different password synchronizations that I have tried with the iSeries, the synchronization that comes with the regular Notes installation (Synchronizes Windows NT and Notes) and the one that uses slsetup.exe which synchronized the 5250 session in addition to synchronizing Windows NT and Notes but made it VERY difficult to change user ids and my research indicated that it was because slsetup version utilized the registry for caching.
If you are able to make the slsetup version work with switching user id's, please let me know.. I'd like to use it.
I also looked into IBM Enterprise Identity Management, however; I could find no proof that it worked with the Notes client.
Mark domino400-request@xxxxxxxxxxxx wrote:
Send Domino400 mailing list submissions to domino400@xxxxxxxxxxxx To subscribe or unsubscribe via the World Wide Web, visit http://lists.midrange.com/mailman/listinfo/domino400 or, via email, send a message with subject or body 'help' to domino400-request@xxxxxxxxxxxx You can reach the person managing the list at domino400-owner@xxxxxxxxxxxx When replying, please edit your Subject line so it is more specific than "Re: Contents of Domino400 digest..." Today's Topics: 1. Re: i5/OS Single Logon (Patrick Trapp) 2. Re: i5/OS Single Logon (rob@xxxxxxxxx) 3. Re: i5/OS Single Logon (rob@xxxxxxxxx) 4. Re: JDBC connectivity (seanmurphy@xxxxxxxxxxx) 5. Re: i5/OS Single Logon (GKern@xxxxxxxxxxxxxxxx) 6. Re: Normal CPU? (Patrick Trapp) 7. Re: JDBC connectivity (Robert Laing) ---------------------------------------------------------------------- message: 1 date: Mon, 9 Jan 2006 15:29:36 -0600 from: "Patrick Trapp" <ptrapp@xxxxxxxxxxxx> subject: Re: i5/OS Single LogonWe've only installed the Single Sign-On via the actual client install, so I can't say anything about the trouble you had with the installation.Regarding switching to a different ID, I do that all the time here. My administrator and my user IDs have different passwords, and when I switch from one to the other, I get the error screen and then I get the password prompt. How are you switching IDs? Are you just using File - Security - Switch ID? Or do you have a location document with the ID's path listed on the advanced tab? I think they have both worked for me, but one might work better for you than the other. I prefer using the Location documents myself since it takes care of the mail file, too.PatrickGKern@xxxxxxxxxxxxxxxx Sent by: domino400-bounces+ptrapp=nex-tech.com@xxxxxxxxxxxx01/09/2006 02:14 PM Please respond to Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx> To domino400@xxxxxxxxxxxx cc Subject Re: i5/OS Single LogonI tried it this morning. First off, using the nnslinst.nsf on my server (R6.5.1) and detaching the slsetup.exe resulted in an error during the install. The error message was "Error - Unable to find Lotus Notes". Funny since LN has been on this pc for almost 5 years. So I downloaded the same nsf from an IBM FTP Site. This one did install without problem. I rebooted, logged on, opened notes and sure enough I wasn't prompted for a password. That was nice. I then started CA express sessions, and it did bypass the initial iSeries access logon prompt, and it went straight to the 5250 emulation sign on screens. That alone eliminated two instances of where I would normally enter my user id and/or password. Then I tried to switch users in Notes to the admin account. It failed with an error indicating the password didn't match. It didn't give me the option to enter another password either - so that squashes any hope for my using this since I, and the win network admin, are both notes admin and his network admin password is different that the notes admin password. (Since we share notes admin duty but not windows admin duty - we can't have the same passwords for obvious reasons - and for hipaa reasons too.) It would be nice if this application allowed you to specify which user id's are single signon candidates, and which should bypass sso.So the proof of concept was somewhat acceptable. The only other problem is that not all of our users have windows and iseries profiles with the same value. So that means either changing the iseries profiles and assuming the baggage associated with that (IMO - unacceptable) or doing a name change of the windows network users and also then cleaning up all the associated details such as shares, network storage etc... and I'm not the windows guy so I don't know what's involved from the windows perspective regarding that. But this does make a good case for instituting a policy that windows logons and iseries profiles should be the same for all future employees.Regards, Jerry Gerald Kern - MIS Project Leader Lotus Notes/Domino Administrator IBM Certified RPG IV Developer The Toledo Clinic, Inc. 4235 Secor Road Toledo, OH 43623-4299 Phone 419-479-5535 gkern@xxxxxxxxxxxxxxxx *****This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message._______________________________________________ This is the Lotus Domino on the iSeries / AS400 (Domino400) mailing list To post a message email: Domino400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/domino400 or email: Domino400-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/domino400. ------------------------------ message: 2 date: Tue, 10 Jan 2006 08:24:01 -0500 from: rob@xxxxxxxxx subject: Re: i5/OS Single LogonWhile some people feel that having the same password for windows and iSeries is opening up "real" data to hackers and just go into convulsive fits I feel that forcing 32 passwords on everyone just means more post-it notes on the terminal. Our documented workflow process (Notes based) for creating new profiles has their windows account and their iSeries account the same. The users can use different passwords if they want to though.Rob Berendt
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.