ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahq_5.4.0.1/rzahqencco.htm

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights                   -->
<!-- Use, duplication or disclosure restricted by            -->
<!-- GSA ADP Schedule Contract with IBM Corp.                -->
<meta name="dc.date" scheme="iso8601" content="2005-09-13" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Types of user configurations</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link --> 
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>


<a name="rzahqencco"></a>
<h3 id="rzahqencco">Types of user configurations</h3>
<p>It is helpful to think of integrated Windows users as fitting into three
basic types:</p>
<ul>
<li><span class="bold">Traditional user (password managed by i5/OS&trade;)</span> 
<br />By
default users are set to this type. This user works in both Windows and i5/OS. The i5/OS password and Windows password will be synchronized. Each time that
the integrated Windows server is restarted, the user's password will be reset
to the i5/OS password. Password changes can only be made in i5/OS. This user
type is recommended for running File Level Backup and remote Windows commands.
To set a Windows user to this configuration, use WRKUSRPRF to set the user
profile attribute LCLPWDMGT to *YES.</li>
<li><span class="bold">Windows password-managed user</span> 
<br />This person does all or most of their work in Windows and may never, or rarely,
sign-on to i5/OS. If the user signs-on to i5/OS, they must use an authentication method
such as Kerberos to access i5/OS. This is discussed in the next section:
Windows user with Enterprise Identity Mapping (EIM) configured.
<p>When the
user profile attribute LCLPWDMGT(*NO) is defined for an i5/OS user, the i5/OS user profile password is set to *NONE. The i5/OS enrollment password is saved until Windows
enrollment is successfully completed. After the i5/OS user is enrolled to Windows, the Windows
user may change and manage their password in Windows without i5/OS overwriting
their password. Using this method allows for a more secure environment because
there are fewer passwords being managed.  To read how to create a user of
this type, see <a href="rzahqchangepwdwindows.htm#rzahqchangepwdwindows">Changing the LCLPWDMGT user profile attribute</a>.</p></li>
<li><span class="bold">Windows user with Enterprise Identity Mapping (EIM) associations
automatically configured </span> 
<br /> Specifying the user
profile attribute of EIMASSOC to be *TGT, TGTSRC, or *ALL allows the integrated
server to automatically define EIM Windows source associations. Using the
automatic definitions of associations makes configuring EIM easier.  To read
how to create a user of this type, see <a href="rzahqeim.htm#rzahqeim">Enterprise Identity Mapping (EIM)</a>.</li>
<li><span class="bold">Windows user with Enterprise Identity Mapping (EIM) associations
manually configured </span> 
<br />The user may choose to manually
define EIM Windows source associations. This method may be used to set the i5/OS user profile to be enrolled to a different Windows user profile name.
The user must manually define an i5/OS target association for the i5/OS user profile
and also a Windows source association for the same EIM identifier.</li></ul>
<a name="wq32"></a>
<table id="wq32" width="100%" summary="" border="1" frame="border" rules="all" class="singleborder">
<caption>Table 1.  Types of user configurations</caption>
<thead valign="bottom">
<tr class="tablemainheaderbar">
<th id="wq33" align="left" valign="top">User type</th>
<th id="wq34" align="left" valign="top">Function provided</th>
<th id="wq35" align="left" valign="top">User profile definition</th>
</tr>
</thead>
<tbody valign="top">
<tr>
<td headers="wq33"><span class="bold">Traditional</span></td>
<td headers="wq34">
<ul>
<li>Both i5/OS and Windows fully functional.</li>
<li>Easy to configure.</li>
<li>Password is changed from i5/OS.</li>
<li>i5/OS and Windows user ID and passwords will be identical.</li>
<li>Recommended for system administrators, users who frequently use i5/OS, or for systems
which use i5/OS for back up and restoration of user profiles.</li></ul></td>
<td headers="wq35">LCLPWDMGT(*YES) and no EIM Windows source associations
defined.</td>
</tr>
<tr>
<td headers="wq33"><span class="bold">Windows password-managed user</span></td>
<td headers="wq34">
<ul>
<li>Password can be changed from Windows.</li>
<li>Simple configuration.</li>
<li>Windows password administration makes this configuration more secure because
the i5/OS password is *NONE.</li>
<li>i5/OS sign-on requires an authentication method such as iSeries&trade; Navigator
provides with their support of i5/OS sign-on using Kerberos.</li></ul></td>
<td headers="wq35">LCLPWDMGT(*NO)</td>
</tr>
<tr>
<td headers="wq33"><span class="bold">Windows user with Enterprise Identity
Mapping (EIM) associations auto configured</span></td>
<td headers="wq34">Automatic creation of Windows source associations makes
it easier to set up and configure to use Kerberos enabled applications.</td>
<td headers="wq35">For example: EIMASSOC(*CHG *TARGET *ADD *CRTEIMID)</td>
</tr>
<tr>
<td headers="wq33"><span class="bold">Windows user with Enterprise Identity
Mapping (EIM) associations manually configured</span></td>
<td headers="wq34">Allows the user to define EIM associations for enrolled i5/OS user profiles to be different user profiles in Windows.</td>
<td headers="wq35">Use iSeries Navigator to manually define EIM i5/OS target associations and Windows source associations.</td>
</tr>
</tbody>
</table>
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="utf-8"?>`
			`<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"`
			`"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="dc.language" scheme="rfc1766" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<meta name="dc.date" scheme="iso8601" content="2005-09-13" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow"/>`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<title>Types of user configurations</title>`
			`<link rel="stylesheet" type="text/css" href="ibmidwb.css" />`
			`<link rel="stylesheet" type="text/css" href="ic.css" />`
			`</head>`
			`<body>`
			`<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->`
			`<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>`


			`<a name="rzahqencco"></a>`
			`<h3 id="rzahqencco">Types of user configurations</h3>`
			`<p>It is helpful to think of integrated Windows users as fitting into three`
			`basic types:</p>`
			`<ul>`
			`<li><span class="bold">Traditional user (password managed by i5/OS™)</span>`
			`<br />By`
			`default users are set to this type. This user works in both Windows and i5/OS. The i5/OS password and Windows password will be synchronized. Each time that`
			`the integrated Windows server is restarted, the user's password will be reset`
			`to the i5/OS password. Password changes can only be made in i5/OS. This user`
			`type is recommended for running File Level Backup and remote Windows commands.`
			`To set a Windows user to this configuration, use WRKUSRPRF to set the user`
			`profile attribute LCLPWDMGT to *YES.</li>`
			`<li><span class="bold">Windows password-managed user</span>`
			`<br />This person does all or most of their work in Windows and may never, or rarely,`
			`sign-on to i5/OS. If the user signs-on to i5/OS, they must use an authentication method`
			`such as Kerberos to access i5/OS. This is discussed in the next section:`
			`Windows user with Enterprise Identity Mapping (EIM) configured.`
			`<p>When the`
			`user profile attribute LCLPWDMGT(NO) is defined for an i5/OS user, the i5/OS user profile password is set to NONE. The i5/OS enrollment password is saved until Windows`
			`enrollment is successfully completed. After the i5/OS user is enrolled to Windows, the Windows`
			`user may change and manage their password in Windows without i5/OS overwriting`
			`their password. Using this method allows for a more secure environment because`
			`there are fewer passwords being managed. To read how to create a user of`
			`this type, see <a href="rzahqchangepwdwindows.htm#rzahqchangepwdwindows">Changing the LCLPWDMGT user profile attribute</a>.</p></li>`
			`<li><span class="bold">Windows user with Enterprise Identity Mapping (EIM) associations`
			`automatically configured </span>`
			`<br /> Specifying the user`
			`profile attribute of EIMASSOC to be TGT, TGTSRC, or ALL allows the integrated`
			`server to automatically define EIM Windows source associations. Using the`
			`automatic definitions of associations makes configuring EIM easier. To read`
			`how to create a user of this type, see <a href="rzahqeim.htm#rzahqeim">Enterprise Identity Mapping (EIM)</a>.</li>`
			`<li><span class="bold">Windows user with Enterprise Identity Mapping (EIM) associations`
			`manually configured </span>`
			`<br />The user may choose to manually`
			`define EIM Windows source associations. This method may be used to set the i5/OS user profile to be enrolled to a different Windows user profile name.`
			`The user must manually define an i5/OS target association for the i5/OS user profile`
			`and also a Windows source association for the same EIM identifier.</li></ul>`
			`<a name="wq32"></a>`
			`<table id="wq32" width="100%" summary="" border="1" frame="border" rules="all" class="singleborder">`
			`<caption>Table 1. Types of user configurations</caption>`
			`<thead valign="bottom">`
			`<tr class="tablemainheaderbar">`
			`<th id="wq33" align="left" valign="top">User type</th>`
			`<th id="wq34" align="left" valign="top">Function provided</th>`
			`<th id="wq35" align="left" valign="top">User profile definition</th>`
			`</tr>`
			`</thead>`
			`<tbody valign="top">`
			`<tr>`
			`<td headers="wq33"><span class="bold">Traditional</span></td>`
			`<td headers="wq34">`
			`<ul>`
			`<li>Both i5/OS and Windows fully functional.</li>`
			`<li>Easy to configure.</li>`
			`<li>Password is changed from i5/OS.</li>`
			`<li>i5/OS and Windows user ID and passwords will be identical.</li>`
			`<li>Recommended for system administrators, users who frequently use i5/OS, or for systems`
			`which use i5/OS for back up and restoration of user profiles.</li></ul></td>`
			`<td headers="wq35">LCLPWDMGT(*YES) and no EIM Windows source associations`
			`defined.</td>`
			`</tr>`
			`<tr>`
			`<td headers="wq33"><span class="bold">Windows password-managed user</span></td>`
			`<td headers="wq34">`
			`<ul>`
			`<li>Password can be changed from Windows.</li>`
			`<li>Simple configuration.</li>`
			`<li>Windows password administration makes this configuration more secure because`
			`the i5/OS password is *NONE.</li>`
			`<li>i5/OS sign-on requires an authentication method such as iSeries™ Navigator`
			`provides with their support of i5/OS sign-on using Kerberos.</li></ul></td>`
			`<td headers="wq35">LCLPWDMGT(*NO)</td>`
			`</tr>`
			`<tr>`
			`<td headers="wq33"><span class="bold">Windows user with Enterprise Identity`
			`Mapping (EIM) associations auto configured</span></td>`
			`<td headers="wq34">Automatic creation of Windows source associations makes`
			`it easier to set up and configure to use Kerberos enabled applications.</td>`
			`<td headers="wq35">For example: EIMASSOC(CHG TARGET ADD CRTEIMID)</td>`
			`</tr>`
			`<tr>`
			`<td headers="wq33"><span class="bold">Windows user with Enterprise Identity`
			`Mapping (EIM) associations manually configured</span></td>`
			`<td headers="wq34">Allows the user to define EIM associations for enrolled i5/OS user profiles to be different user profiles in Windows.</td>`
			`<td headers="wq35">Use iSeries Navigator to manually define EIM i5/OS target associations and Windows source associations.</td>`
			`</tr>`
			`</tbody>`
			`</table>`
			`<a id="Bot_Of_Page" name="Bot_Of_Page"></a>`
			`</body>`
			`</html>`