We have enabled Kerberos on our Genie setup, and its logging the user directly based on the windows login. The problem we are facing is if the users password is expired on AS400, then it does not allow the user to login.
Do you have any work around for this.
Since the users are using kerberos to login to their AS400 session, their AS400 password is never required and it gets expired after the duration set by the Admins.
Kerberos Setting
-
- Profound User
- Posts: 40
- Joined: Tue Jun 28, 2011 4:55 pm
- First Name: Thomson
- Last Name: Mathews
- Company Name: Chesapeake Energy
- Contact:
- David
- Profound Logic Staff Member
- Posts: 690
- Joined: Fri Jan 04, 2008 12:11 pm
- First Name: David
- Last Name: Russo
- Company Name: Profound Logic Software
- Contact:
Re: Kerberos Setting
This is a behavior of the IBM HTTP Server. The Kerberos authentication is not performed by Genie -- rather the HTTP server is configured to take care of this.
Once authenticated to the HTTP server, it provides a "profile token" which Genie then uses to bypass the 5250 sign on display.
The HTTP server will not allow a user with expired password to authenticate -- even when using Kerberos authentication. I'm not aware of any way to configure it so that it will.
The system does allow users with PASSWORD(*NONE) to authenticate to the HTTP server with Kerberos. I'm not sure if that is an option for you.
Once authenticated to the HTTP server, it provides a "profile token" which Genie then uses to bypass the 5250 sign on display.
The HTTP server will not allow a user with expired password to authenticate -- even when using Kerberos authentication. I'm not aware of any way to configure it so that it will.
The system does allow users with PASSWORD(*NONE) to authenticate to the HTTP server with Kerberos. I'm not sure if that is an option for you.
Who is online
Users browsing this forum: No registered users and 1 guest