Kerberos Setting

Use this board to ask questions or have discussions with other Genie users.
Post Reply
tcj2001
Profound User
Posts: 40
Joined: Tue Jun 28, 2011 4:55 pm
First Name: Thomson
Last Name: Mathews
Company Name: Chesapeake Energy
Contact:

Kerberos Setting

Post by tcj2001 »

We have enabled Kerberos on our Genie setup, and its logging the user directly based on the windows login. The problem we are facing is if the users password is expired on AS400, then it does not allow the user to login.

Do you have any work around for this.

Since the users are using kerberos to login to their AS400 session, their AS400 password is never required and it gets expired after the duration set by the Admins.
User avatar
David
Profound Logic Staff Member
Posts: 690
Joined: Fri Jan 04, 2008 12:11 pm
First Name: David
Last Name: Russo
Company Name: Profound Logic Software
Contact:

Re: Kerberos Setting

Post by David »

This is a behavior of the IBM HTTP Server. The Kerberos authentication is not performed by Genie -- rather the HTTP server is configured to take care of this.

Once authenticated to the HTTP server, it provides a "profile token" which Genie then uses to bypass the 5250 sign on display.

The HTTP server will not allow a user with expired password to authenticate -- even when using Kerberos authentication. I'm not aware of any way to configure it so that it will.

The system does allow users with PASSWORD(*NONE) to authenticate to the HTTP server with Kerberos. I'm not sure if that is an option for you.
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests