Re: SSO/Choosing EIM Domain Controller -- MIDRANGE-L

I'm having a problem understanding the question.

A common approach is to let the Windows Active Directory be the
Kerberos server. That supports SSO within the Windows domain.

EIM maps the Windows network name of a user to his or her i5/OS
profile name. Why would you need EIM to be running if the i5/OS
system is down? If you can't access EIM, you wouldn't access
anything else on that box either.

Our Lotus Notes is on a PC server. Web Access supports SSO, though I
don't know if that's true when the server isn't iSeries hosted.

In more general terms, isn't the point of EIM that an application wouldn't
have to be iSeries based? Anything that can access an LDAP server could
have an EIM identifier. It doesn't apply to my shop right now, but if EIM
can be used by zSeries, pSeries and Linux, why would I want a situation
where the authentication mechanism is working (via Kerberos in Windows)
and the identification mechanism is down for saves (via EIM on OS/400)?

I'll admit that I am a lot more comfortable with security on an iSeries
LDAP, especially since Windows 2003 server DNS has an unpatched exploit
actively being used, but it still seems that both authentication and
identification would be better served from being on the same platform.

In any case, we'll just run with EIM on the iSeries and deal with any
further issues when we have to.....

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.