If both of the systems have Network Authentication
Service and Enterprise Identity Mapping (EIM) configured, and the user has
authenticated with Kerberos, then Kerberos can be used to authenticate to
access a file system that resides on a target iSeries™ server.
If the Kerberos authentication fails, then the user
ID and password may be used to verify access.
Note: If the ticket-granting
ticket or the server ticket expires after the target server has verified your
access, the expiration will not be effective until the connection to the target
server has ended.
- To access a file system that resides on a target iSeries server,
you must have a user ID and password on the target server that matches the
user ID and password on the local server if Kerberos is not used to authenticate. Note: If your password on the local or target server is changed after the target server has verified your access, then the change is not reflected until the connection to the target server has ended. However, there is no delay if your user profile on the local server is deleted and another user profile is created with the same user ID. In this case, the QFileSvr.400 file system verifies that you have access to the target server.
- Object authority is based on the user profile that resides on the target server. That is, you are allowed to access an object in the file system on the target server only if your user profile on the target server has the proper authority to the object.