The most effective way is to set up SSO with AD based on Kerberos (and the IBM-specific layer called EIM).
Original Message:
Sent: Thu May 30, 2024 03:27 AM
From: Satid S
Subject: IBM i authentication protocol
Dear Jorge
As far as I know, IBM i supports Kerberos, LDAP, key-based authentication protocols such as the one used in Secure Shell (SSH), and also MFA (multifactor authentication). My guess is that the security auditor asked whether any one of these is used in your IBM i server. To demonstrate any one of these, you need to set them up. Do a Google search and you will find info on how to set each of these up.
------------------------------
Satid S
Original Message:
Sent: Wed May 29, 2024 09:47 PM
From: Jorge Lee
Subject: IBM i authentication protocol
Hello Satid,
Thank you for responding. I will explain that this question comes from a security auditor, who asked whether there are authentication protocols such as Kerberos, LDAP, Password Authentication Protocol (PAP), etc. on the IBM i. I have identified that we only log in with a username and password, and we have configured TLS 1.2 and 1.3. We do not have LDAP configured.
------------------------------
Regards,
Jorge Lee
Original Message:
Sent: Wed May 29, 2024 07:54 PM
From: Satid S
Subject: IBM i authentication protocol
Dear Jorge
I'm not sure I understand your question. When signing on to a 5250 telnet session with a user profile and password, there is no special authentication protocol used other than the 5250 telnet data stream. The 5250 telnet client just passes the character string of the user and password to the telnet server on the IBM i server. This is why it is crucial to use TLS to encrypt the session. One thing you can do to see this in action is to start an IBM i communication trace during the sign-on, dump it to a PC, and use Wireshark to display the data stream. (You cannot see the data if TLS is used.) Or you can even use a PC with Wireshark that connects to the same LAN as the IBM i server to capture the data stream directly from the LAN, if you know how to and it is allowed.
------------------------------
Satid S
Original Message:
Sent: Wed May 29, 2024 12:36 PM
From: Jorge Lee
Subject: IBM i authentication protocol
Hello everyone
Is there a way to demonstrate the authentication protocol of my IBM i if I only log in with a username and password via telnet? Would there be related documentation?
------------------------------
Regards,
Jorge Lee
------------------------------
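For the auditor evidence discussed in this thread, the following is an added example (not written by any of the posters, and not IBM code) that records which of the TLS versions said to be configured a telnet endpoint actually negotiates, with certificate verification on. The host name and the use of port 992 for TLS telnet are assumptions to adjust for the system being audited.

```python
import socket
import ssl

# Assumptions, not from the thread: HOST is a placeholder name and 992 is the
# conventional TLS telnet port; change both to match the system under audit.
HOST = "ibmi.example.com"
TLS_TELNET_PORT = 992
CLAIMED = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}


def pinned_context(version, cafile=None):
    """Verifying client context that offers exactly one TLS version."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe(host, port, version, cafile=None, timeout=5.0):
    """Attempt one handshake; return (status, detail). No telnet data is sent."""
    ctx = pinned_context(version, cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "accepted", f"{tls.version()} {tls.cipher()[0]}"
    except ssl.SSLCertVerificationError as exc:
        # Certificate chain or host name did not validate against the trust store.
        return "untrusted-cert", exc.verify_message
    except ssl.SSLError as exc:
        # Handshake failed, typically because the server refuses this version.
        return "rejected", exc.reason or str(exc)
    except OSError as exc:
        # DNS failure, refused connection, or timeout.
        return "unreachable", str(exc)


def evidence_line(host, port, label, result):
    """Format one probe result as a line suitable for an audit record."""
    status, detail = result
    return f"{host}:{port} {label}: {status} ({detail})"


if __name__ == "__main__":
    for label, version in CLAIMED.items():
        result = probe(HOST, TLS_TELNET_PORT, version)
        print(evidence_line(HOST, TLS_TELNET_PORT, label, result))
```

If the server certificate was issued by a private CA, pass that CA's PEM file as `cafile` so a trusted chain is reported as `accepted` rather than `untrusted-cert`.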