Re: QFileSvr.400 authority issue -- DOMINO400

EIM is authentication, not authorization. Can you give profile QNOTES
authority to objects in that directory?

On 2013-01-22, at 2:26 PM, rob@xxxxxxxxx wrote:

Does EIM play well with QFileSvr.400?

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com

From: <John_Taylor@xxxxxxxxx>
To: "Lotus Domino on the IBM i (AS/400 and iSeries)"
<domino400@xxxxxxxxxxxx>,
Date: 01/22/2013 12:14 PM
Subject: Re: QFileSvr.400 authority issue
Sent by: domino400-bounces@xxxxxxxxxxxx

This may be a bit 'off the wall' but IBM Enterprise Identity Mapping

(EIM)

happily lets users sign on with Password *NONE. It uses alternate forms

authentication such as Kerberos. Maybe it will work for QNOTES?

See http://www.redbooks.ibm.com/abstracts/sg246975.html for more on EIM.

Regards,

John Taylor
Chairman, Typex Group plc

From: <rob@xxxxxxxxx>
To: "Lotus Domino on the IBM i (AS/400 and iSeries)"
<domino400@xxxxxxxxxxxx>
Date: 22/01/2013 16:52
Subject: Re: QFileSvr.400 authority issue
Sent by: <domino400-bounces@xxxxxxxxxxxx>

Ok the issue is that QNOTES has
Password is *NONE . . . . . . . . . . . . : *YES

Is there a problem if I go and assign a password, and,
change "Password expiration interval" *NONE for QNOTES on all lpars?
Realizing that every time I upgrade Domino I may have to do a CHGUSRPRF
QNOTES.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com

I ran CRTUSRPRF DUMMY on one lpar and CRTUSRPRF DUMMY PASSWORD(SOMETHING)

on another. Then from the first lpar I ran
SBMJOB CMD(CPY OBJ('/QFileSvr.400/gdihq/rob/test.txt')
TOOBJ('/home/rob/test3.txt')) JOB(TEST3) USER(DUMMY)
and that worked fine. Ok, passwords don't match. No special authority.
No problem. But this doesn't work
SBMJOB CMD(CPY OBJ('/QFileSvr.400/gdihq/rob/test.txt')
TOOBJ('/home/rob/test3.txt')) JOB(TEST3) USER(QNOTES)
The user isn't disabled.
Additional Message
Information

Message ID . . . . . . :
CPFA09C
Date sent . . . . . . : 01/21/13 Time sent . . . . . . : 14:
53:06

Message . . . . : Not authorized to object. Object
is
/QFileSvr.400/gdihq/rob/test.

I've opened up pmr 74204,500 with the i/os team.

Rob Berendt
_______________________________________________
This is the Lotus Domino on the IBM i (AS/400 and iSeries) (Domino400)
mailing list
To post a message email: Domino400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/domino400
or email: Domino400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/domino400.

_______________________________________________
This is the Lotus Domino on the IBM i (AS/400 and iSeries) (Domino400)
mailing list
To post a message email: Domino400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/domino400
or email: Domino400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/domino400.

_______________________________________________
This is the Lotus Domino on the IBM i (AS/400 and iSeries) (Domino400)

mailing list

To post a message email: Domino400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/domino400
or email: Domino400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/domino400.