ibm-information-center/dist/eclipse/plugins/i5OS.ic.ifs_5.4.0.1/rzaaxos4sec.htm

72 lines
5.2 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Security and object authority in the QFileSvr.400 file system" />
<meta name="abstract" content="If both of the systems have Network Authentication Service and Enterprise Identity Mapping (EIM) configured, and the user has authenticated with Kerberos, then Kerberos can be used to authenticate to access a file system that resides on a target iSeries server." />
<meta name="description" content="If both of the systems have Network Authentication Service and Enterprise Identity Mapping (EIM) configured, and the user has authenticated with Kerberos, then Kerberos can be used to authenticate to access a file system that resides on a target iSeries server." />
<meta name="DC.subject" content="authority, limitations for QFileSvr.400 file system, security, limitations for QFileSvr.400 file system" />
<meta name="keywords" content="authority, limitations for QFileSvr.400 file system, security, limitations for QFileSvr.400 file system" />
<meta name="DC.Relation" scheme="URI" content="rzaaxrfsfs.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzakh/rzakh000.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzalv/rzalvmst.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaaxos4sec" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Security and object authority in the QFileSvr.400 file system</title>
</head>
<body id="rzaaxos4sec"><a name="rzaaxos4sec"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Security and object authority in the QFileSvr.400 file system</h1>
<div><p><span><img src="./delta.gif" alt="Start of change" />If both of the systems have Network Authentication
Service and Enterprise Identity Mapping (EIM) configured, and the user has
authenticated with Kerberos, then Kerberos can be used to authenticate to
access a file system that resides on a target <span class="keyword">iSeries™</span> server.<img src="./deltaend.gif" alt="End of change" /></span></p>
<div class="section"><div class="p">If the Kerberos authentication fails, then the user
ID and password may be used to verify access. <div class="note"><span class="notetitle">Note:</span> If the ticket-granting
ticket or the server ticket expires after the target server has verified your
access, the expiration will not be effective until the connection to the target
server has ended. </div>
</div>
<ul><li>To access a file system that resides on a target <span class="keyword">iSeries server</span>,
you must have a user ID and password on the target server that matches the
user ID and password on the local server if Kerberos is not used to authenticate. <div class="note"><span class="notetitle">Note:</span> If
your password on the local or target server is changed after the target server
has verified your access, then the change is not reflected until the connection
to the target server has ended. However, there is no delay if your user profile
on the local server is deleted and another user profile is created with the
same user ID. In this case, the QFileSvr.400 file system verifies that you
have access to the target server.</div>
</li>
<li>Object authority is based on the user profile that resides on the target
server. That is, you are allowed to access an object in the file system on
the target server only if your user profile on the target server has the proper
authority to the object.</li>
</ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaaxrfsfs.htm" title="The QFileSvr.400 file system provides transparent access to other file systems that reside on remote iSeries servers. It is accessed through a hierarchical directory structure.">i5/OS file server file system (QFileSvr.400)</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../rzakh/rzakh000.htm">Network authentication service</a></div>
<div><a href="../rzalv/rzalvmst.htm">Enterprise Identity Mapping (EIM)</a></div>
</div>
</div>
</body>
</html>