Configuring connection-based automation in an i5/OS or OS/400 and Kerberos environment

Unlike macro-based automation, connection-based automation does not require the use of a Credential Mapper Servlet (CMS), a login macro, the Network Security plug-in, nor the Host Credential Mapper (HCM). Instead, it extends the existing single sign-on capability of iSeries environments that meet the following criteria:
  • operate within a Windows Domain
  • have Kerberos-based network authentication enabled on each target iSeries system
  • run i5/OS V5R4 or later (these versions support Kerberos-based network authentication)
  • run one or more of the following client operating systems:
    • Windows 2000 (Professional, Server, and Advanced Server)
    • Windows XP Professional
    • Windows Server 2003
You must configure your iSeries environment to use single sign-on capability in order to implement connection-based logon automation.

The iSeries environment provides single sign-on capability by working in conjunction with Kerberos-based network authentication and an IBM technology called Enterprise Identity Mapping (EIM). Z and I Emulator for Web uses this existing methodology for acquiring credentials to allow users to bypass the host session login screen.

Both EIM technology and Kerberos are available with i5/OS V5R4 or later operating systems. EIM is an IBM infrastructure technology that allows you to manage multiple user identities and user registries easily and inexpensively while maintaining secure authentication and authorization. This architecture describes the relationships between individuals or entities in an enterprise and the many identities that represent them within the enterprise. Kerberos, on the other hand, is a network authentication protocol that identifies and authenticates users who request to log on to a network. Together, EIM and Kerberos provide single sign-on capability.

Although this document does not instruct you how to configure your iSeries environment for single sign-on capability, the following resources are available to help you:

Once you have configured your iSeries environment to use single sign-on capability, you are ready to configure Z and I Emulator for Web to extend this single sign-on capability. To accomplish this, take the following two steps: