Re: EIM SSO expired password issues -- MIDRANGE-L

True enough, but some other things don't, so I think the advice still holds to have *NONE for password for interactive users.

Cheers
Vern

On 8/30/2017 6:46 PM, Justin Taylor wrote:

ODBC works with EIM with the iAccess client (both old & new style).

We use EIM for:
5250
Apache
ODBC
NetServer
QNTC

________________________________
From: Vernon Hamberg <vhamberg@xxxxxxxxxxxxxxx>
Sent: Wednesday, August 30, 2017 5:28 PM
To: midrange-l@xxxxxxxxxxxx
Subject: Re: EIM SSO expired password issues

Hi Paul

This is valid behavior.

Basic concept - SSO means that a password is not used or needed. It is
not even considered when authenticating, since SSO assumes that
authenticating is done by the 3rd-party trusted Kerberos ticket manager,
which is Windows in your case.

So since this is valid behavior, I would say that your regular user
profiles should all be set to PASSWORD(*NONE) - this prevents the use of
this profile for things like ODBC, say, as I understand it.

There are other considerations I won't speak of, such as profiles you
need for access to the machine when Kerberos is broken.

HTH
Vern

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.