No announcement yet.

Baby Steps Kerberos

  • Filter
  • Time
  • Show
Clear All
new posts

  • Baby Steps Kerberos

    Hi All,

    I am researching Kerberos in the IBM midrange environment. I am a developer.

    I have client server desktop application. Front end java(using JT400 api) and backend Rpgle(PCML). So the client is using a mixture JDBC Sql and backend rpgle program calls.

    My current situation is I log onto my desktop(Windows Sign on) and then have to log onto my application via my IBM i user id and password again.

    I need to do a "proof of concept" single sign on where user should be able to use windows signon to use my application.

    Two stages:-
    ​​​​1) need to create a SSO TEST environment.
    2) makes my code changes and see if it works

    Currently we a have a development IBM i that other developers use and I don't want to affect their work and signon.

    I have read so much stuff about KDC and Windows Active Directory and EIM and confused.

    I am not aloud near our production Windows Active directory config.

    i) Do I need ask for a new System A(partition) and run a KDC server inside PASE and then configure EIM?
    ii) I am already a windows user and windows workstation , enable it to use Kerberos(via Client Access) , define "user pricipals" in KDC?
    ii) Add System "A" service principle to KDC?
    iv) Verify if I from my laptop that client access gets 5250 screen without a sign on.

    Any help or Overview what I need to do would help. I am not asking for a detailed explanation.



  • #2
    Guys ,

    I have managed to get a partition system , having problems starting iSeries web navigator . Once I get this working:-

    can I just have do everything in EIM and my client access?

    Will I still need Windows domain controller?