To use EIM with Easycom we need to do the following:
1. Install and configure it in the AS/400 and the domain controller.
2. Grant the TCP user to access the keytab file. QTCP is the user for EASYCOMD job.
CHGAUT OBJ('/QIBM/UserData/OS400/NetworkAuthentication/keytab/krb5.keytab') USER(QTCP) DTAAUT(*R)
3. Enable the Kerberos authentication:
CFGEACAUTH LIB(EASYCOM) KERBAUTH(*ON)
Note: Instead of Kerberos authentication you also can use client certificate authentication, with certificates registered in the EIM database.
4. Configure Easycom to use EIM on the server,
CFGEACEIM LIB(EASYCOM) ACTIVE(*YES) EIM_LDAPU(administrator) EIM_LDAPPW(xxx)
5. Optionally define an exit program EACLOG002
6. Update applications to use EIM by using *KERBAUTH special value for the login.
EIM implementation on client is very simple. All you need is to specify "*KERBAUTH" special value for the user id, and a recent client DLL. The password has no importance (can be blank or any value).
There are special TCP/IP error codes (negative) for different Kerberos errors (ticket expired, …)., with corresponding native error text (coming from i5 or from client).
For testing you can type *KERBAUTH in place of the username and leave a blank password. After this, you can put that special value in your client/server programs.