This command configures the authentication methods and security options which are valid with Easycom.
Easycom Authentication config (CFGEACAUTH)
Type choices, press Enter.
Easycom server library name . . > EASYCOM Alpha value
Use SSL encryption . . . . . . . *OFF *SAME, *OFF, *ON, *ONLY
Use SSL authentication . . . . . *OFF *SAME, *OFF, *ON, *ONLY
SSL authentication role . . . . *SAME
Use Kerberos authentication . . *ON *SAME, *OFF, *ON, *ONLY
Use SSL encryption
This option defines if the SSL encryption is supported, or mandatory. Possible values are:
*OFF: SSL is not used by the Easycom server.
*ON: SSL is used if requested by the client
*ONLY: SSL must be used. The connection will be rejected if the client doesn’t support SSL or if the SSL negotiation fails.
Use SSL authentication
This option defines if SSL authentication is enabled. This option is valid is ‘Use SSL encryption’ is activated. Possible values are:
*OFF: SSL authentication is not accepted.
*ON: SSL authentication is valid. A valid certificate must be provided by the client.
*ONLY: SSL authentication is mandatory. A valid certificate must be provided by the client. This SSL authentication can validate the OS/400 user or can only act as an additional security option (see ‘SSL authentication role’).
SSL authentication role
This option defines how the SSL authentication will imply an OS/400 user. Possible values are:
*NONE: the SSL authentication won’t define an OS/400 user. The client certificate will be checked by Easycom, but not used to define the OS/400 User. OS/400 User and password, or Kerberos authentication must be provided as well.
*EIM: Easycom will search if the client certificate is found in the EIM database. If yes, the EIM will define which user to use. In this case EIM configuration must be valid.
*SUBJECT: the certificate subject is equal to the OS/400 username. In this case the EIM configuration is not necessary. The SSL client certificate will be use for the whole authentication process.
Use Kerberos authentication
This option defines if the Kerberos authentication is valid. The EIM configuration must be valid to be able to map the Kerberos authentication (typically Windows credentials) to an OS/400 user.