Kerberos Services Ticket Auto-Signon
For 5250 emulator sessions, the Bypass signon using Kerberos principal option enables Kerberos authentication.
If the “Kerberos auto-signon” is disabled during the “Custom” installation, “Bypass signon using Kerberos principal” is disabled.
If the “Kerberos auto-signon” is enabled during the “Custom” installation, “Bypass signon using Kerberos principal” is enabled.
A ticket is generated and passed to the iSeries™, eServer™ i5, or System i5™ host during TN5250 negotiation.
If the ticket is valid, authentication is completed and the user is logged onto the host. If authentication fails, a host login screen is displayed.
Note: The user must log into a Windows™ domain in order to use Kerberos authentication. Refer to the relevant Microsoft™ documentation for specific details.
For the Data Transfer utility, the user can set the Use Kerberos principal, no prompting option (from Setup → Signon Options).
If the “Kerberos auto-signon” is disabled during the “Custom” installation, “Use Kerberos principal, no prompting” is not listed in the signon options of the Data Transfer utility.
If the “Kerberos auto-signon” is enabled during the “Custom” installation, “Use Kerberos principal, no prompting” is listed in the signon options of the Data Transfer utility.
This function enables Kerberos authentication, using the ticket generated by the Windows™ user credentials.
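A check an administrator can use when auto-signon falls back to the host login screen, as an added example that is not part of the product documentation: it parses the text printed by the Windows `klist` command and reports whether the session holds an unexpired service ticket for the host. The host name, user and realm are constructed, and the `krbsvr400/<host>` service principal form is the IBM i convention, which this page does not state.

```python
import re
from datetime import datetime

# Constructed sample of Windows `klist` output (en-US dates); not from a real system.
SAMPLE_KLIST = """\
Cached Tickets: (2)

#0>     Client: jdoe @ EXAMPLE.COM
        Server: krbtgt/EXAMPLE.COM @ EXAMPLE.COM
        Start Time: 3/4/2025 8:00:00 (local)
        End Time:   3/4/2025 18:00:00 (local)

#1>     Client: jdoe @ EXAMPLE.COM
        Server: krbsvr400/ibmi01.example.com @ EXAMPLE.COM
        Start Time: 3/4/2025 8:05:00 (local)
        End Time:   3/4/2025 18:00:00 (local)
"""

def parse_tickets(text):
    """Split klist output into one {field: value} dict per cached ticket."""
    tickets = []
    for block in re.split(r"^#\d+>", text, flags=re.M)[1:]:
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        tickets.append(fields)
    return tickets

def host_ticket_status(text, host, now, service="krbsvr400"):
    """Return 'valid', 'expired' or 'missing' for the ticket to service/host."""
    wanted = f"{service}/{host}".lower()
    status = "missing"
    for ticket in parse_tickets(text):
        spn = ticket.get("Server", "").split("@")[0].strip().lower()
        if spn != wanted or "End Time" not in ticket:
            continue
        stamp = ticket["End Time"].replace("(local)", "").strip()
        # Assumption: en-US klist date layout; adjust the format for other locales.
        if datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S") > now:
            return "valid"
        status = "expired"
    return status

if __name__ == "__main__":
    print(host_ticket_status(SAMPLE_KLIST, "ibmi01.example.com", datetime(2025, 3, 4, 12, 0)))
```

A result of `missing` while the `krbtgt` entry is present means the user has domain credentials but no service ticket for that host has been cached; the service ticket only appears after a connection attempt has requested it.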
Kerberos Logon Credentials
When a user logs in to the machine and launches Z and I Emulator for Windows or Personal Communications with Kerberos enabled for the first time, a dialog box appears prompting the user to store their Windows logon password in the registry. The dialog will also appear whenever the stored credentials have expired.
Login Dialog Components
User ID
Displays the current Windows username.
- Automatically populated when the dialog opens.
- This field is read-only and cannot be edited by the user.
Password
Field for entering the Windows account password.
OK Button
Confirms and submits the entered credentials.
- Validates the username and password using Windows authentication.
- On successful authentication:
  - The dialog closes.
  - Credentials may be securely stored for future use.
- On failure:
  - An error is displayed.
  - The user can retry entering the password.
Cancel Button
Closes the dialog.
- No credentials are validated or stored.
- If credentials are not stored, the Windows logon password will be used to bypass the signon screen.
Error Messages
- Empty Password
  Passwords cannot be empty. Please enter your Windows logon password.
- Invalid Password
  The entered password is incorrect. Please enter your Windows logon password again.
- System Error
  Failed to store credentials.
- The dialog retrieves and displays the current Windows username automatically.
- Credentials are validated using secure Windows APIs (e.g., logon authentication).
- Sensitive information such as passwords is never logged.
- If authentication succeeds, credentials may be encrypted and stored securely.