Security and object authority in the QFileSvr.400 file system
If both of the systems have Network Authentication Service and Enterprise Identity Mapping (EIM) configured, and the user has authenticated with Kerberos, then Kerberos can be used to authenticate to access a file system that resides on a target System i™ platform. If the Kerberos authentication fails, then the user ID and password can be used to verify access.
If the ticket-granting ticket or the System i ticket expires after the target system has verified your access, the expiration will not be effective until the connection to the target system has ended.
- To access a file system that resides on a target System i platform, have a user ID and password on the target system that matches the user ID and password on the local system if Kerberos is not used to authenticate.
If your password on the local or target system is changed after the target system has verified your access, then the change is not reflected until the connection to the target system has ended. However, there is no delay if your user profile on the local system is deleted and another user profile is created with the same user ID. In this case, the QFileSvr.400 file system verifies that you have access to the target system.
- Object authority is based on the user profile that resides on the target system. That is, you are allowed to access an object in the file system on the target system only if your user profile on the target system has the appropriate authority to the object.
Parent topic:
i5/OS file server file system (QFileSvr.400)
Related information
Network authentication service
Enterprise Identity Mapping (EIM)