« MSSi Receives IBM Power Systems Specialty Elite Certification | Main | Rational Developer Summer School Recap »

Today's Feature: Security Tools for IBM i Clients 

Growth for customers often presents many challenges, one of which is maintaining a larger number of systems and partitions. Common problems that arise are how to create uniformity in user management across platforms, establish an easy way to maintain multiple passwords and enforce a universal password policy. Addressing these issues can greatly reduce help desk tickets and, therefore; save time and money. IBM STG Lab Services has developed tools to assist customers with their user management needs.

Network Password Synchronization Tool
- When users keep synchronized passwords, there is less likelihood that a user will disable themselves on partitions that are infrequently used. This is a Java web based application that allows users to change their IBM i passwords from one place. The interface also includes capability for an administrator to reset another user's password. Other than being used as a password synchronization GUI, the tool can be called via a HTTPS request and tied into a customer's existing programs; for example, on an IBM i exit point.

Microsoft Active Directory to IBM i User Synchronization
- A regular task of user management is creating, deleting, enabling and disabling users on a partition. This is a Java program that runs on a scheduled basis that binds with Microsoft Active Directory to check for changes to Active Directory user accounts. Based on the changes to the Active Directory accounts, the program automatically performs an equivalent action on the IBM i partitions configured in an XML file. Changes detected include: a user joining a group, a user being enabled, a user being disabled and a user being deleted.

Password Validation for IBM i
- IBM i has a set of system values that control the password policy on a partition. This tool accounts for any password checking that cannot be covered by the system values on a customer's version and release of IBM i. This is a program that is attached to the password validation exit point of IBM i and can be customized to fit any customer's needs. The common implementation of this tool checks the password for words that are disallowed by a customer configured list and to see if the password contains the user profile itself.

Please contact Midrange Support & Service if you have any questions or need assistance in any of these areas.

References (11)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>