You can apparently do this if you are using Apache: http://support.microsoft.com/?id=555092
You need to have mod_auth_kerb for Apache. Maybe IBM has done this for their Apache port for z/OS? :-) On Jan 9, 2008 11:13 AM, Ulrich Boche <[EMAIL PROTECTED]> wrote: > McKown, John wrote: > > But on the off chance that I'm wrong, I will ask anyway. We use Windows > > as our desktop OS <blech>. One "nice" thing about it is that when we go > > to a restricted internal IIS web site, we are automagically "logged on" > > to the web site via the Active Directory "trust" mechanism (as I vaguely > > understand it). Is there any way to extend this so that when a user goes > > to our z/OS HTTP web server, they can be automagically logged on to > > their corresponding z/OS RACF id? We do use RACF on z/OS. We don't have > > any money for this, so a product (unless it is 100% free-as-in-beer and > > 100% supported) is out of the question. Yes, this is really a whine from > > the Windows people again about how "unfriendly" z/OS is. I wonder if > > they whine about our Linux and Solaris servers as well? > > > > The mechanism used by Microsoft is proprietary to IIS and Internet > Explorer. They do an under the covers Kerberos authentication. > > IBM HTTP Server for z/OS only supports X.509 certificates with client > authentication for a single sign-on solution. For practical purposes, if > you don't already use SmartCards or USB tokens with certificates in your > installation for the Windows domain login, the effort to get a solution > with client certificates into production would hardly be worthwhile. > > The good old HTTP Server is somewhat deprecated today, IBM has an Apache > port for z/OS. I'm not sure if it is only provided with WebSphere or if > you can get it outside of WAS. I don't know if Apache supports > Microsoft's Kerberos authentication, I would be doubtful though. > > It is difficult to talk with the PC folks. They tend to be very MS > centered and don't care about standards and such - their standard is > everything supported by Microsoft. > -- > Ulrich Boche > SVA GmbH, Germany > IBM Premier Business Partner > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
