Enroll users when iSeries does not store passwords

By default iSeries has a system value set that prevents storing passwords with authentication entries. You can change this system value to enable iSeries to keep passwords (as described in Enable iSeries to automatically start authenticated connections). If you prefer not to have iSeries store passwords for security reasons, you can still enroll iSeries users to NetWare.

To enroll users when iSeries does not store passwords:

1. Make sure that QNETWARE has a NetWare authentication entry for each NDS tree on which you want to enroll iSeries users.

2. Define the NDS trees on which to enroll the iSeries profile by using the CHGNWSUSRA command (described in Enrolling users.)

   Enrollment delays until iSeries temporarily accesses the profile's password.

3. To start enrollment, do one of the following:

   • Have the iSeries user sign on to iSeries.

   • Have an iSeries user with *SECADM authority set the profile's password by using the CHGUSRPRF command.

   • Have the iSeries user change the profile's password by using the CHGPWD command.

   The iSeries profile attributes are propagated to NetWare. If a NetWare object with this name does not exist, one is created with the same name as the iSeries profile. If a NetWare object with this name does exist, it is updated with iSeries profile changes. An authentication entry is not created.