Greetings, First… MFA is not free, it's included 😊 Built into the operating system and the user profile objects.
Question - Can the TOTP be the same for the ‘same’ profile across each system? Yes. The first step of course is the owner of that profile needs to set their Key in their User profile and their client authenticator app. Since just like the password, the TOTP key is part of the user profile object. The code to update the profiles will update the password and TOTP key on the same profile on the target system. Within the Navigator, there is a feature to ‘copy’ a created user profile to a target system. You can select one or more user profiles, and send those profiles to any number of end point target systems. The TOTP key is included with this copy.
Thanks Tim
Tim Rowe - timmr@xxxxxxxxxx
STSM – Application Development & Systems Management
IBM i ISV Council
IBM i Development Lab, Rochester MN
507-250-1293
ACS - http://ibm.biz/IBMi_ACS
Navigator - http://ibm.biz/IBMi_Nav4i
We sync the passwords on all lpars of IBM i (and Windows, etc) with IBM
Security Verify Governance - Identity Manager. Can the TOTP match on all
LPARs also?
Dunno, it's a product question that should be asked to IBM.
I use PowerHA to sync the profile attributes between the cluster machines, same question.
But we are at the first releases of such a system, let's see how it will evolve in terms of API and tooling...
But I can see that somebody might not like to pass around between machines what's basically a shared secret password from a design standpoint, that - compared to the standard user hashed password - is reversible cryptography, so the trust exchange between the machines should be well designed in that case and very strict security-wise (if that would be the case...)
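
The two points raised in this thread (a copied profile carries the same TOTP key, and that key must stay recoverable while a password can be stored one-way) can be seen in the added example below, which is not code from any poster or from IBM. The `Profile` class, its field names and the sample values are hypothetical and constructed; it does not describe how IBM i actually stores either secret.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace

def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1). Needs the raw key, not a hash of it."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass(frozen=True)
class Profile:
    """Hypothetical profile record; not IBM i's real storage layout."""
    user: str
    salt: bytes
    password_hash: bytes   # one-way: the password itself is never stored
    totp_key: bytes        # recoverable: must be usable as the HMAC key

    def check_password(self, password: str) -> bool:
        candidate = hash_password(password, self.salt)
        return hmac.compare_digest(candidate, self.password_hash)

    def check_totp(self, code: str, now: int, drift_steps: int = 1) -> bool:
        # Accept the current step plus/minus drift_steps for clock skew.
        return any(
            hmac.compare_digest(totp(self.totp_key, now + d * 30), code)
            for d in range(-drift_steps, drift_steps + 1)
            if now + d * 30 >= 0
        )

# Constructed sample data: the key is the RFC 6238 test-vector secret.
KEY = b"12345678901234567890"
SALT = b"constructed-salt"
system_a = Profile("DEMO", SALT, hash_password("constructed-pw", SALT), KEY)
system_b = replace(system_a)   # "copy profile to target": same hash, same key

def code_accepted_on_both(now: int) -> bool:
    code = totp(KEY, now)      # what the user's authenticator app displays
    return system_a.check_totp(code, now) and system_b.check_totp(code, now)

if __name__ == "__main__":
    print(totp(KEY, 59), code_accepted_on_both(59))
```

Every system that verifies codes ends up holding `totp_key` in a form it can feed to HMAC, so each copy of the profile is another place that secret has to be protected.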