Re: Free MFA for IBM i -- MIDRANGE-L

Subject: Re: Free MFA for IBM i
From: cesco <emaxt6@xxxxxxxxx>
Date: Tue, 8 Apr 2025 19:23:13 +0000 (UTC)
List-archive: <https://archive.midrange.com/midrange-l/>
List-post: <mailto:midrange-l@lists.midrange.com>
List-subscribe: <https://lists.midrange.com/mailman/listinfo/midrange-l>, <mailto:midrange-l-request@lists.midrange.com?subject=subscribe>
List-unsubscribe: <https://lists.midrange.com/mailman/options/midrange-l>, <mailto:midrange-l-request@lists.midrange.com?subject=unsubscribe>

We sync the passwords on all lpars of IBM i (and Windows, etc) with IBM
Security Verify Governance - Identity Manager. Can the TOTP match on all
LPARs also?

Dunno, it's product question that should be asked to IBM.
I use powerHA to sync the profiles attributes between the cluster machines, same question.
But we are at the first releases of such system, let's see how it will evolve in terms of API and tooling....

But I can see that somebody couldn't like to pass around between machines what's basically a shared secret password from a design standpoint, that - compared to a the standard user hashed password - is reversable cryptography, so the trust exchange between the machines should be well designed in case and very strict security wise (if that would be the case...)

As an Amazon Associate we earn from qualifying purchases.

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.