72 lines
5.2 KiB
HTML
72 lines
5.2 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="reference" />
|
|
<meta name="DC.Title" content="Security and object authority in the QFileSvr.400 file system" />
|
|
<meta name="abstract" content="If both of the systems have Network Authentication Service and Enterprise Identity Mapping (EIM) configured, and the user has authenticated with Kerberos, then Kerberos can be used to authenticate to access a file system that resides on a target iSeries server." />
|
|
<meta name="description" content="If both of the systems have Network Authentication Service and Enterprise Identity Mapping (EIM) configured, and the user has authenticated with Kerberos, then Kerberos can be used to authenticate to access a file system that resides on a target iSeries server." />
|
|
<meta name="DC.subject" content="authority, limitations for QFileSvr.400 file system, security, limitations for QFileSvr.400 file system" />
|
|
<meta name="keywords" content="authority, limitations for QFileSvr.400 file system, security, limitations for QFileSvr.400 file system" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzaaxrfsfs.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="../rzakh/rzakh000.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="../rzalv/rzalvmst.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1999, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1999, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="rzaaxos4sec" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Security and object authority in the QFileSvr.400 file system</title>
|
|
</head>
|
|
<body id="rzaaxos4sec"><a name="rzaaxos4sec"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Security and object authority in the QFileSvr.400 file system</h1>
|
|
<div><p><span><img src="./delta.gif" alt="Start of change" />If both of the systems have Network Authentication
|
|
Service and Enterprise Identity Mapping (EIM) configured, and the user has
|
|
authenticated with Kerberos, then Kerberos can be used to authenticate to
|
|
access a file system that resides on a target <span class="keyword">iSeries™</span> server.<img src="./deltaend.gif" alt="End of change" /></span></p>
|
|
<div class="section"><div class="p">If the Kerberos authentication fails, then the user
|
|
ID and password may be used to verify access. <div class="note"><span class="notetitle">Note:</span> If the ticket-granting
|
|
ticket or the server ticket expires after the target server has verified your
|
|
access, the expiration will not be effective until the connection to the target
|
|
server has ended. </div>
|
|
</div>
|
|
<ul><li>To access a file system that resides on a target <span class="keyword">iSeries server</span>,
|
|
you must have a user ID and password on the target server that matches the
|
|
user ID and password on the local server if Kerberos is not used to authenticate. <div class="note"><span class="notetitle">Note:</span> If
|
|
your password on the local or target server is changed after the target server
|
|
has verified your access, then the change is not reflected until the connection
|
|
to the target server has ended. However, there is no delay if your user profile
|
|
on the local server is deleted and another user profile is created with the
|
|
same user ID. In this case, the QFileSvr.400 file system verifies that you
|
|
have access to the target server.</div>
|
|
</li>
|
|
<li>Object authority is based on the user profile that resides on the target
|
|
server. That is, you are allowed to access an object in the file system on
|
|
the target server only if your user profile on the target server has the proper
|
|
authority to the object.</li>
|
|
</ul>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaaxrfsfs.htm" title="The QFileSvr.400 file system provides transparent access to other file systems that reside on remote iSeries servers. It is accessed through a hierarchical directory structure.">i5/OS file server file system (QFileSvr.400)</a></div>
|
|
</div>
|
|
<div class="relinfo"><strong>Related information</strong><br />
|
|
<div><a href="../rzakh/rzakh000.htm">Network authentication service</a></div>
|
|
<div><a href="../rzalv/rzalvmst.htm">Enterprise Identity Mapping (EIM)</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |