Hi All,
I am researching Kerberos in the IBM midrange environment. I am a developer.
I have a client-server desktop application. The front end is Java (using the JT400 API) and the back end is RPGLE (PCML). So the client is using a mixture of JDBC SQL and back-end RPGLE program calls.
My current situation is that I log onto my desktop (Windows sign-on) and then have to log onto my application via my IBM i user ID and password again.
I need to do a "proof of concept" single sign-on where the user should be able to use Windows sign-on to use my application.
Two stages:
1) Need to create an SSO TEST environment.
2) Make my code changes and see if it works.
Currently we have a development IBM i that other developers use, and I don't want to affect their work and sign-on.
I have read so much stuff about KDC and Windows Active Directory and EIM and am confused.
I am not allowed near our production Windows Active Directory config.
i) Do I need to ask for a new System A (partition) and run a KDC server inside PASE and then configure EIM?
ii) I am already a Windows user and Windows workstation, enable it to use Kerberos (via Client Access), define "user principals" in KDC?
iii) Add System "A" service principal to KDC?
iv) Verify from my laptop that Client Access gets a 5250 screen without a sign-on.
Any help or overview of what I need to do would help. I am not asking for a detailed explanation.
Regards,
JemrugIBMi