EIM is authentication, not authorization. Can you give profile QNOTES
authority to objects in that directory?



On 2013-01-22, at 2:26 PM, rob@xxxxxxxxx wrote:

Does EIM play well with QFileSvr.400?


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: <John_Taylor@xxxxxxxxx>
To: "Lotus Domino on the IBM i (AS/400 and iSeries)"
<domino400@xxxxxxxxxxxx>,
Date: 01/22/2013 12:14 PM
Subject: Re: QFileSvr.400 authority issue
Sent by: domino400-bounces@xxxxxxxxxxxx



This may be a bit 'off the wall' but IBM Enterprise Identity Mapping
(EIM)

happily lets users sign on with Password *NONE. It uses alternate forms
of

authentication such as Kerberos. Maybe it will work for QNOTES?

See http://www.redbooks.ibm.com/abstracts/sg246975.html for more on EIM.

Regards,

John Taylor
Chairman, Typex Group plc



From: <rob@xxxxxxxxx>
To: "Lotus Domino on the IBM i (AS/400 and iSeries)"
<domino400@xxxxxxxxxxxx>
Date: 22/01/2013 16:52
Subject: Re: QFileSvr.400 authority issue
Sent by: <domino400-bounces@xxxxxxxxxxxx>


Ok the issue is that QNOTES has
Password is *NONE . . . . . . . . . . . . : *YES

Is there a problem if I go and assign a password, and,
change "Password expiration interval" *NONE for QNOTES on all lpars?
Realizing that every time I upgrade Domino I may have to do a CHGUSRPRF
QNOTES.


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com


I ran CRTUSRPRF DUMMY on one lpar and CRTUSRPRF DUMMY PASSWORD(SOMETHING)

on another. Then from the first lpar I ran
SBMJOB CMD(CPY OBJ('/QFileSvr.400/gdihq/rob/test.txt')
TOOBJ('/home/rob/test3.txt')) JOB(TEST3) USER(DUMMY)
and that worked fine. Ok, passwords don't match. No special authority.
No problem. But this doesn't work
SBMJOB CMD(CPY OBJ('/QFileSvr.400/gdihq/rob/test.txt')
TOOBJ('/home/rob/test3.txt')) JOB(TEST3) USER(QNOTES)
The user isn't disabled.
Additional Message
Information

Message ID . . . . . . :
CPFA09C
Date sent . . . . . . : 01/21/13 Time sent . . . . . . : 14:
53:06

Message . . . . : Not authorized to object. Object
is
/QFileSvr.400/gdihq/rob/test.

I've opened up pmr 74204,500 with the i/os team.

Rob Berendt
_______________________________________________
This is the Lotus Domino on the IBM i (AS/400 and iSeries) (Domino400)
mailing list
To post a message email: Domino400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/domino400
or email: Domino400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/domino400.



_______________________________________________
This is the Lotus Domino on the IBM i (AS/400 and iSeries) (Domino400)
mailing list
To post a message email: Domino400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/domino400
or email: Domino400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/domino400.


_______________________________________________
This is the Lotus Domino on the IBM i (AS/400 and iSeries) (Domino400)
mailing list
To post a message email: Domino400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/domino400
or email: Domino400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/domino400.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.