I am researching Kerberos in the IBM midrange environment.
I have a client-server desktop application. The front end is Java (using the JT400 API) and the back end is RPGLE (PCML). So the client is using a mixture of JDBC SQL and backend RPGLE program calls.
My current situation is that I log onto my desktop (Windows sign-on) and then have to log onto my application via my IBM i user ID and password again.
I need to do a "proof of concept" single sign-on where the user should be able to use the Windows sign-on to use my application.
i) So I need to set up a KDC server; where do I do this?
Should it be where my Windows sign-on is validated (like my organization's Windows Active Directory is)?
ii) I understand I need to configure EIM on my IBM i (we have 3 IBM i servers in our organisation).
So do I need to do this on each machine?
iii) I understand my client code needs to change so that a pop-up sign-on dialog no longer appears? What do I need to do instead?
Any help or overview of what I need to do would help. I am not asking for a detailed explanation.
Regards, Jemrug
You want to look into JAAS. It takes care of the Kerberos heavy lifting in a configuration file. You then get a Windows admin to help you get/locate a Kerberos cache file and you have single sign-on. As user1686 said, Windows AD already has a KDC. So again, talk to your Windows admin team about the configuration.