To add to the price question - for EIM it's largely a matter of some grunt work to enter user IDs for Windows and the i - that'll take a little while - no tools at this time to help. But it's all API-based, so it's doable.

Setting up Kerberos (called Network Authentication Service on the i, cuz MIT does not let anyone use Kerberos in their product name) - setting it up is a one-time thing, and there's a nice wizard in Navigator.

You do want to be sure your DNS is in good shape.

There may be an article in developerWorks that was written by the ISV support team. A starting point - I've not checked if it's there yet, they said it's forthcoming.

Vern

On 2/26/2012 12:54 PM, Shannon ODonnell wrote:
What's the price-range on iSeries to achieve EIM?

A recurring problem we have all seen with solutions like this is that they are priced so high their use becomes prohibitive.



-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of DrFranken
Sent: Sunday, February 26, 2012 12:44 PM
To: Midrange Systems Technical Discussion
Subject: Re: Software for signons on iSeries and network

You need single sign-on along with Enterprise Identity Mapping. This capability eliminates IBM i passwords completely (except for admins).
The very short course is that IBM i and your Active Directory are connected, allowing the Kerberos ticket present in your Windows session to be passed through IBM i to Active Directory for validation. The UserID sent back to IBM i from Active Directory is then correlated with that in EIM and that is the user ID used on IBM i. Thus you do not need the same userID on Windows and IBM i, you have no password on i at all, and as a result changing your Windows password doesn't have any effect whatever on your IBM i signon because that's the only password you have.

- Larry "DrFranken" Bolhuis

On 2/26/2012 1:36 PM, fbocch2595@xxxxxxx wrote:
Hi Folks, we’re looking for software that will authenticate iSeries signons against our active directory, and keep them in sync with a user's network password. In other words allowing automatic signon via the network password, AND keep them in sync. The net outcome would be so that when a user changes their network password it would also change their 400 password.

Your thoughts on this?


Thanks, Frank

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.


This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].