× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. JAVA400-L
  3. April 2004

RE: Websphere authenticating to a remote as/400 and Envoy

Thank you very much Joe and David for your insight. 

Here at work we had discussed using an LPAD system on the 400. The 400 admin
has told me that it is possible to use an LDAP repository instead of user
profiles for authentication. We also run a windows network. From what I am
told, the 400 can be set up to use a remote LDAP repository for storage of
user information. We were going to see if we could use the Active Directory
LDAP repository in windows for all our user info. This way if someone tried
to log on to either the 400 or the windows network they would be
authenticating against the same information. Users would also only have to
change their password in one place without remembering two different
signons. This would also solve the problem of moving the Websphere server to
a windows box as the current user information from the 400 would be in
Active Directory. 

Does anyone have any idea if this is feasible?

-----Original Message-----
From: Joe Pluta [mailto:joepluta@xxxxxxxxxxxxxxxxx] 
Sent: Tuesday, April 20, 2004 3:48 PM
To: 'Java Programming on and around the iSeries / AS400'
Subject: RE: Websphere authenticating to a remote as/400 and Envoy

> From: Todd Bryant
> 
> I see. So, just so I completely clear, they are not authenticating
against
> 400 profiles, they are using bsd user accounts, in the case of the one
> running FreeBSD? That makes sense. I was wondering how one would get
past
> this limitation.

That's exactly correct, Todd.  They use a standard authentication list
in FreeBSD.  They then use the PSC/400 security exit program to convert
that user ID into an iSeries user profile (the exit program also lets
you check things like remote IP address).  This allows them to use long
names and passwords without messing with their iSeries settings, and
also to avoid having iSeries profiles and passwords out in the wild.

As Mr. Morris points out, in the realm of single signon, which is
currently a hot-and-getting-hotter topic, the de jure standard right now
is Kerberos.

Joe

_______________________________________________
This is the Java Programming on and around the iSeries / AS400 (JAVA400-L)
mailing list
To post a message email: JAVA400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/java400-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.