|
midrange.com
Hello Paul
Dan Riehl and I set up SSO for customers on a regular basis. Yes, it
can be a challenge especially when you are first learning what needs to
be done, but we've found the things that will cause problems and know
how to avoid them. I think the biggest hurdle is that the available
documention is very weak. The appendix in Pat Botz's book is the best
reference I've been able to find.
Here are some of the things I've found:
1) Your network configuration is critical to successully configuring
Kerberos and LDAP. If it is clean you won't have trouble. I often use
the NETSTAT command on the iSeries which is installed as part of DNS,
option #31 for 5722SS1
2) While OS/400 has supported SSO since V5R2 you will have a much easier
time working with V5R3 and V5R4. If you have to use V5R2 at least use
Client Access at V5R3.
3) Configuring SSO for emulation is trivial compared to doing so for
Netserver.
4) Most of the errors you encounter can be found by Googling on the
message id. IBM, our site and IT Jungle have most of them covered.
It would be best if there was better documentation but that is where we
are right now. I've talked to a number of administrators who have set
up SSO themselves, but many just hire us do it for them since it is
typically a one time project. Ongoing maintenance is trivial compared
to the original setup.
/* Vendor comment */
Yes, we do have a product that makes configuring the associations much
easier to do.
/* End comment */
Regards,
Nick Blattner
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
