Provided you don't need to pull in too many user repositories (other
platforms, application user databases, etc.), it looks to me that you would
be a perfect candidate for implementing EIM via your System i's built-in
capabilities. That's not to say that IBM's EIM won't work with multiple
repositories, rather I am commenting based upon what you asked. EIM SSO
will let you integrate System i sign-ons with your primary AD security
source and effectively eliminate passwords on the System i side (if you so
choose). And, it is not an all or nothing proposition either, so it can be
rolled out in stages.
Also, while you don't need a third-party product per se, depending upon the
size of your environment (in total System i users - say, above 300 or so),
it may be necessary to ease the administration burden of managing the
identity mappings. PowerTech acquired an EIM SSO tool a couple years back
called TriAWorks that was designed to help in that area. I was just about
to pull the trigger with TriAWorks back in 2004, but I was presented with an
"offer I couldn't refuse" and left that company. Check them out. I'm sure
there are other vendors, too.
Best regards,
Steven W. Martinson, CISA, CISM, CISSP
Security Consultant
Cypress, Texas
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.