× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. RPG400-L
  3. March 2020

Re: RPG program - Kerberos Authentication


Sorry if I did not provide my problem statement correctly

We want to enable SSO for our RPG based application, our product is deployed at several customer sites and is already a licensed product
Most of our customers do not create unique IBM i user profile for each user and share the server login credentials, mostly controlled by their internal compliance and we cannot force all our customers to create unique IBM i user profiles for each user
Our product currently has its own authentication module based on user name and password, each of our product user is provided with unique product username but not unique IBM i server username. Due to high volume of password reset request to their IT team our customers are looking for SSO solution


On Mar 31, 2020, at 5:28 PM, Kevin Wright <kevin.wright@xxxxxxxxxxxx> wrote:

Perhaps if you had told us the actual problem that you have rather than the
solution you are trying to shoehorn in then help could have been more apt.

Here are some possibilities given the info we have so far:

1. Somehow enforce using unique IBM i user IDs. That way all of the Kerberos
stuff is already done.
2. Set your product up as a licensed product with seat limitations
3. Set up your own "seat limiting mechanism" that does not rely on unique
user IDs

Regards,

Kevin Wright

-----Original Message-----
From: RPG400-L <rpg400-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rajesh
Ravindran
Sent: Wednesday, 1 April 2020 8:11 AM
To: RPG programming on IBM i <rpg400-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: RPG program - Kerberos Authentication


Our product is installed at several customer sites but most of them will be
using IBM i Access for Windows or ACS emulator

As there could be other applications running on our customer’s IBM i server,
we are unsure if they will be ready to share the krbsrv400 SPN and it’s
corresponding key stored in the keytab file. So we are trying to create a
new SPN and keytab file for our product so that we can secure our product
access key
--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.