Profound Logic Forums

We have enabled Kerberos on our Genie setup, and its logging the user directly based on the windows login. The problem we are facing is if the users password is expired on AS400, then it does not allow the user to login.

Do you have any work around for this.

Since the users are using kerberos to login to their AS400 session, their AS400 password is never required and it gets expired after the duration set by the Admins.

This is a behavior of the IBM HTTP Server. The Kerberos authentication is not performed by Genie -- rather the HTTP server is configured to take care of this.

Once authenticated to the HTTP server, it provides a "profile token" which Genie then uses to bypass the 5250 sign on display.

The HTTP server will not allow a user with expired password to authenticate -- even when using Kerberos authentication. I'm not aware of any way to configure it so that it will.

The system does allow users with PASSWORD(*NONE) to authenticate to the HTTP server with Kerberos. I'm not sure if that is an option for you.