CFGEACSSO - EIM Mode

EIM mode is supported only on OS/400 V5R3 and later. It requires OS/400 components to be configured from the IBM iSeries Navigator software.

From a terminal session, under the QSECOFR user profile, run the command:

CFGEACSSO <F4>

Set the ‘Activate Single Sign On’ option to *EIM, and fill in the LDAP user name and password.

When the command is validated, the EASYCOMD job restarts automatically if there are changes to apply (this works only with the default port number; otherwise you need to restart EASYCOMD using STREACD or restart the subsystem).

The settings are stored in the EAC_EIM *USRSPC object, which is reserved for the exclusive use of the user who first ran the CFGEACSSO command in *EIM mode. It is therefore recommended to always run this command under the QSECOFR user profile.

 

                    EASYCOM S.S.O. CONFIGURATION (CFGEACSSO)

Type choices, press Enter.

Easycom server library name  . . > EASYCOM
Activate Single Sign On  . . . . > *EIM          *YES, *NO, *EIM, *SAME
SSO authorized from  . . . . . .   *NONE         HHMM =
SSO authorized to  . . . . . . .   *NONE         HHMM =
LDAP user for EIM  . . . . . . .
LDAP password for EIM  . . . . .
EIM logon is mandatory . . . . .   *NO           *YES, *NO
LDAP dn for EIM  . . . . . . . .   *DFT
LDAP service spn . . . . . . . .   *DFT

 

SSO authorized from / SSO authorized to

Single Sign-on ‘opening hours’. EIM connections are forbidden outside of those hours.

 

LDAP user for EIM

Local LDAP user. This user name is required during a connection attempt, to retrieve the "OS/400" user name associated with the "Windows" user name.

This local user name is the name used when configuring EIM with iSeries Navigator (when selecting Network/EIM Domain Mapping/Domain Management/<yourDomain>).

You need to only put the username, not "cn=

LDAP password for EIM

This is the password for the local LDAP connection.

EIM logon is mandatory

Configures EASYCOM to deny all non-EIM connections (that is, connections made with a username and password).

LDAP dn for EIM

This is an alternate way of giving the LDAP logon name, which allows a specific syntax. It is valid only if the LDAP user is left blank. A typical value is:

cn=

LDAP service spn

This allows a specific service principal name to be set. If *DFT is specified, Easycom builds it from "krbsvr400" and the system name.

Example of valid values (with systemi5 name for the system, testdomain.com for the domain and TESTDOMAIN.COM for the realm):

krbsvr400/systemi5

krbsvr400/systemi5@TESTDOMAIN.COM

krbsvr400/systemi5.testdomain.com@TESTDOMAIN.COM (default if *DFT is specified)
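The following is an added example, not part of the EASYCOM documentation or of Easycom's own code: a Python check that a value intended for 'LDAP service spn' has one of the forms listed above and names the expected system, domain and realm. The function names, the returned labels and the strict case-sensitive comparison are assumptions of this example.

```python
import re

SERVICE = "krbsvr400"  # service name the page says is used for *DFT

# service/host with an optional @REALM suffix
_SPN_RE = re.compile(r"([^/@\s]+)/([^/@\s]+)(?:@([^/@\s]+))?")


def default_spn(system, domain, realm):
    """Form the page marks as the default when *DFT is specified."""
    return f"{SERVICE}/{system}.{domain}@{realm}"


def classify_spn(value, system, domain, realm):
    """Name the documented form `value` matches; raise ValueError otherwise.

    Comparison is exact: Kerberos principal and realm names are
    case-sensitive, so a lower-case realm is reported as a mismatch.
    """
    if value == "*DFT":
        return "default"
    m = _SPN_RE.fullmatch(value)
    if m is None:
        raise ValueError(f"{value!r} is not service/host[@REALM]")
    service, host, got_realm = m.groups()
    if service != SERVICE:
        raise ValueError(f"service is {service!r}, expected {SERVICE!r}")
    if got_realm is not None and got_realm != realm:
        raise ValueError(f"realm is {got_realm!r}, expected {realm!r}")
    if host == system:
        return "short" if got_realm is None else "short@realm"
    if host == f"{system}.{domain}":
        # FQDN without a realm is not among the page's examples
        return "unlisted" if got_realm is None else "default"
    raise ValueError(f"host {host!r} does not name system {system!r}")


if __name__ == "__main__":
    # Constructed inputs, using the example names from this page
    env = ("systemi5", "testdomain.com", "TESTDOMAIN.COM")
    print("*DFT expands to", default_spn(*env))
    for candidate in ("krbsvr400/systemi5", "krbsvr400/systemi5@testdomain.com"):
        try:
            print(candidate, "->", classify_spn(candidate, *env))
        except ValueError as err:
            print(candidate, "-> rejected:", err)
```

A rejected value here points to the usual cause of a failed Kerberos logon, a principal name that does not exactly match the one registered for the system.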

 

 

See also

EIM Installation on AS/400

EIM with Easycom