New V5R3 security options (SSO, EIM, ...)

Brian Krings, IBM

June 14, 2005 FASUG Meeting

In V5R2 and enhanced in V5R3 of i5/OS, iSeries announced support for Single Sign-On (SSO). In this presentation, we will discuss in details of what makes SSO work. Starting with Network Authentication Service (OS/400's implementation of the Kerberos protocol) and progressing through the use of Enterprise Identity Mapping (EIM), we will step through how iSeries Navigator implemented SSO. Once that is complete, we will discuss what is needed to install/configure SSO at your workplace. Finally, we will discuss the common problems encountered when implementing SSO and how to fix them. Because Brian owns the Network Authentication Service implementation on the iSeries and also works as Level 3 for SSO customer issues, much of this pitch comes from "real world" examples.

Our Speaker, Brian Krings, started with IBM Rochester in 1988 as a programmer in what is now part of Global Services supporting IBM Rochester's internal engineering tracking systems. Shortly thereafter, he supported the Mechanical Design Automation (MDA) software namely CATIA. In this role, he led the effort of migrating the development tools from the MVS operating system to an AIX based workstation solution. This provided him with a solid background of different operating systems and also working closely with customers (the designers).

In 1997, Brian joined the OS/400 security team initially focusing on security aspects of what was then Operations Navigator. He has also designed portions of security auditing in V5R3 of i5/OS namely the QAUDLVL2 implementation. Since V5R1 he has been responsible for delivering the Kerberos Protocol via Network Authentication Service. In V5R3 of i5/OS, a Kerberos server running in PASE was also delivered. In V5R2, a number of components enabled their interfaces to use Kerberos authentication which was instrumental in providing a Single Sign-on solution for our customers. The Kerberos Protocol along with Enterprise Identity Mapping (EIM) provides our customers an avenue towards password elimination.

Currently, he is working on furthering the Single Sign-on support to other IBM products. Brian has a B.S. in Applied Mathematics from the University of Wisconsin-Stout. He has talked at COMMON and various user groups about Kerberos and Single Sign-on. In his spare time, Brian enjoys coaching his kids athletic teams, umpiring high school baseball and softball, and cheering on America's team - The Green Bay Packers.

Register OnLine to Attend this Meeting

Web Site by: Ashway Consulting, LLC