If you have a Windows 7 workstation or you are running Windows Server 2008 R2, there is an extra configuration step to enable Kerberos authentication with i5/OS. In these releases, Microsoft no longer enables the DES cipher suites (DES-CBC-MD5 and DES-CBC-CRC) for Kerberos by default. Unfortunately, Kerberos on i5/OS does not support the new default suites used by Microsoft.

A few details about the Kerberos protocol will explain why this change requires additional configuration. The Kerberos protocol negotiates the cipher suites used to build Kerberos tickets. When a client requests a Kerberos ticket, it includes a list of cipher suites

Yes, I’m talking to you. You who read this newsletter are gurus. Devoted and profoundly resourceful reader Sarah showed me a tip that I’ve got to share with you. Her technique makes it easy to find out who’s doing what with the database.

Sometimes a user asks Sarah to determine who changed something in a file. The journal tells all. The problem is that journals are not easy to read. The data is stored in one big long field, called entry-specific data. However, Sarah has a way to break down the entry-specific data as it is defined in the database.

When performing high availability (HA) switch exercises where production processing is temporarily switched from a live system to an HA system and back again, there is one essential procedure that must be followed or you risk screwing up your databases and losing data. Here’s the issue and how to avoid it.

Rule #1: Don’t Do This!!!

In my humble opinion, this is the cardinal rule for an HA switch over:

Don’t update your production data without replication running.

It’s a good simple rule to follow, but it’s also an easy rule to mess up. Whenever you switch processing from a