McKown, John wrote:
But on the off chance that I'm wrong, I will ask anyway. We use Windows as our desktop OS <blech>. One "nice" thing about it is that when we go to a restricted internal IIS web site, we are automagically "logged on" to the web site via the Active Directory "trust" mechanism (as I vaguely understand it). Is there any way to extend this so that when a user goes to our z/OS HTTP web server, they can be automagically logged on to their corresponding z/OS RACF id? We do use RACF on z/OS. We don't have any money for this, so a product (unless it is 100% free-as-in-beer and 100% supported) is out of the question. Yes, this is really a whine from the Windows people again about how "unfriendly" z/OS is. I wonder if they whine about our Linux and Solaris servers as well?
The mechanism used by Microsoft is proprietary to IIS and Internet Explorer. They do an under the covers Kerberos authentication.
IBM HTTP Server for z/OS only supports X.509 certificates with client authentication for a single sign-on solution. For practical purposes, if you don't already use SmartCards or USB tokens with certificates in your installation for the Windows domain login, the effort to get a solution with client certificates into production would hardly be worthwhile.
The good old HTTP Server is somewhat deprecated today, IBM has an Apache port for z/OS. I'm not sure if it is only provided with WebSphere or if you can get it outside of WAS. I don't know if Apache supports Microsoft's Kerberos authentication, I would be doubtful though.
It is difficult to talk with the PC folks. They tend to be very MS centered and don't care about standards and such - their standard is everything supported by Microsoft.
-- Ulrich Boche SVA GmbH, Germany IBM Premier Business Partner ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html