IBM iSeries


For effective integration with IBM iSeries, MyPass Cloud requires an OS/400 version V4R5 or above. Additionally, a dedicated service account needs to be set up to enable connection to the system. It’s also important to ensure that the Password Level on the iSeries system is set to at least level 2 to facilitate proper synchronization with MyPass Cloud.

The method used by MyPass Cloud to reset passwords for IBM Z/OS or iSeries depends on the specific system setup. Generally, we utilize either an LDAP connector or an SSH connector. The choice between these two options is based on the infrastructure and requirements of the environment in question. 

When the connector sets a password for a user, it logs in to the instance using a service user that has the privileges required for this operation. Necessary administrator privileges:

  • *SECADM (Security Administrator)
  • *ALLOBJECTS (only required if MyPass should be able to set passwords on elevated accounts, e.g. *SECADM accounts)

Remote Command (*RMTSRV)

The Remote Command port is used for connecting to the iSeries machine. Therefore, the Remote Command exit point needs to be configured.

IFS

If there are machines connected to the iSeries using IFS and you wish to make use of synchronization from AD, you need at least iSeries Password Level 2. (Password Level 1 can be used when limiting the AD Password Policy using the Password Filter.)

SSL

The default setup is to use SSL connection between the iSeries and the Gateway server. This setting can be changed by setting the SSL mode key to false in the file: \FastPassGateway\bin\ConnectorIBMSystemI\fpc101.properties

For SSL, please follow IBM’s description on how to let IBM Tool Box for Java and iSeries communicate over SSL.

MyPass Cloud includes a tool that makes it easy to create the Java keystore on the Windows Server. Please ask your MyPass Cloud engineer to assist with this step.

Connector Command

The Connector uses the IBM Tool Box for Java. The Java class AS400 is used to connect to the AS/400 host over SSL. The following command is run to set a password.

    CHGUSRPRF USRPRF (user) PASSWORD (password) STATUS (*ENABLED) PWDEXP (*NO)

This command can be changed in the fpc101.properties file on your Gateway server. The file is located in the connector's main directory, typically \program files\FastPassCorp\FastPassGateway\bin\ConnectorIBMSystemI.

A typical customization is to change the line to add the password expiration feature on iSeries for the user. This can be done using the parameter below.

    PWDEXPITV (*SYSVAL)

To see a list of other parameters please refer to this link (please check if this corresponds to your iSeries version): http://publib.boulder.ibm.com/iseries/v5r1/ic2924/index.htm?info/cl/chgusrpr.htm

The connector logs operations to a log file. The location of the log and the debug level can be set in the log4j.properties file, which is located beside the connector in the classes directory.
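
The flow described under Connector Command, as an added example that is not MyPass Cloud's own code: it connects with the IBM Toolbox for Java class SecureAS400, runs CHGUSRPRF through CommandCall, and quotes the password so that an apostrophe or parenthesis in it cannot alter the CL command. The class name, the method names and the profile-name allow-list are assumptions made for illustration, and the command is written in the usual CL KEYWORD(value) form.

```java
import com.ibm.as400.access.AS400;
import com.ibm.as400.access.AS400Message;
import com.ibm.as400.access.CommandCall;
import com.ibm.as400.access.SecureAS400;
import java.util.Locale;
import java.util.regex.Pattern;

public class ChgUsrPrfExample {
    // Conservative allow-list for profile names (assumption: simple names, max 10 chars).
    private static final Pattern PROFILE = Pattern.compile("[A-Z$#@][A-Z0-9$#@_]{0,9}");

    // CL quoted string: wrap in apostrophes and double every embedded apostrophe.
    static String clQuote(String value) {
        return "'" + value.replace("'", "''") + "'";
    }

    static String buildCommand(String user, String newPassword) {
        String profile = user.toUpperCase(Locale.ROOT);
        if (!PROFILE.matcher(profile).matches()) {
            throw new IllegalArgumentException("rejected user profile name");
        }
        // Password level 2 accepts passwords of 1 to 128 characters.
        if (newPassword.isEmpty() || newPassword.length() > 128) {
            throw new IllegalArgumentException("rejected password length");
        }
        return "CHGUSRPRF USRPRF(" + profile + ") PASSWORD(" + clQuote(newPassword)
                + ") STATUS(*ENABLED) PWDEXP(*NO)";
    }

    static void setPassword(String host, String svcUser, String svcPassword,
                            String user, String newPassword) throws Exception {
        AS400 system = new SecureAS400(host, svcUser, svcPassword); // SSL connection
        try {
            CommandCall call = new CommandCall(system);
            boolean ok = call.run(buildCommand(user, newPassword));
            for (AS400Message m : call.getMessageList()) {
                System.err.println(m.getID() + " " + m.getText()); // completion or diagnostic messages
            }
            if (!ok) throw new IllegalStateException("CHGUSRPRF failed for " + user);
        } finally {
            system.disconnectAllServices();
        }
    }

    public static void main(String[] args) {
        // Constructed input: a password containing an apostrophe and a parenthesis.
        System.out.println(buildCommand("jsmith", "it's)x"));
    }
}
```

Running main prints the command with the password rendered as 'it''s)x', which CL reads as a single quoted value; setPassword needs a reachable host and a service user with the privileges listed above.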