Charles is spot on - multiple users on a single desktop - each Windows
user is mapped to one user profile - if you don't force logging out of
Windows somehow, then it's the same as someone just leaving their
windows box running unlocked with a 5250 session open - security
breakdown - using SSO can't solve this human engineering issue.
A similar issue is, if a person needs to be an admin sometimes and a
regular user otherwise - those would need multiple windows logins - each
mapped to a different user profile - in the simplest scenario. There are
some additional EIM config things that might help here - haven't studied
that far yet.
I suppose, theoretically, that you COULD map many-one or one-many or
many-many in EIM - again, I've not tried much of that. I know that in
our app I could handle multiple mappings to our app users, maybe
displaying the choices. But this still depends on a single windows
domain user having been authenticated, not several.
The KISS principle applies strongly here.
HTH
Vern
On 4/3/2012 7:57 AM, Charles Wilt wrote:
You need to be clear about what you want to know about...
In a SSO w/EIM environment, the participating user profiles on the i
are configured with PASSWORD(*NONE)
So QPWDLVL doesn't really matter.
As far as multiple users using a 5250 session from a single
desktop...not going to work...
You'd either need to leave those users out of SSO or force them to
sign out of Windows and back in under the next user's AD credentials.
If you simply want to replicate passwords, that's not SSO nor EIM.
Charles
On Tue, Apr 3, 2012 at 8:22 AM, Jack Kingsley <iseriesflorida@xxxxxxxxx> wrote:
Can anyone elaborate on how they might have moved forward with such a
project? Also, how did you handle the AD side of things with those
credentials and then having them match on the "I" side of things? Were you
forced to change your QPWDLVL at all? Was/is there a way around only 10
characters for the as400 profile, was this an issue? How were you able to
get around multiple users using a computer for 5250 access once the AD
credentials were verified granting access to the desktop?
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].