ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzakh_5.4.0.1/rzakhkerberosscenario_addkerberosserviceprincipal.htm

76 lines
5.6 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Add Kerberos service principal to the trusted group file for each endpoint" />
<meta name="DC.Relation" scheme="URI" content="rzakhscenmc2.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhkerberosscenario_restartmanagementcentral.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhkerberosscenario_verifykerberosprincipal.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzakhkerberosscenario_addkerberosserviceprincipal" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Add Kerberos service principal to the trusted group file for each endpoint</title>
</head>
<body id="rzakhkerberosscenario_addkerberosserviceprincipal"><a name="rzakhkerberosscenario_addkerberosserviceprincipal"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Add Kerberos service principal to the trusted group file for each endpoint</h1>
<div><div class="section">After the Management Central servers all have been restarted, you
need to add the central system's Kerberos service principal to the trusted
group file for each of the endpoint systems. From the central system, run
a remote command, such as DSPLIBL (Display Library List), to all the endpoint
systems. Each endpoint system automatically adds the central system's Kerberos
service principal to its individual trusted group file because <span class="uicontrol">Add
to trusted group</span> is selected as the authentication level on each
endpoint system. You can run any remote command from the central system to
an endpoint system to cause the Management Central server job on the endpoint
system to record the necessary Kerberos service principals in the trusted
group file. The DSPLIBL (Display Library List) command is used for example
purposes only.<div class="note"><span class="notetitle">Note:</span> If you use a model or source system to run tasks, such
as Send Fixes, Send Users, Synchronize Time, you should run these tasks so
that the correct Kerberos service principals are added to the correct trusted
group files.</div>
<p>For this scenario, you decide to run a remote command
to all the endpoint systems to add the Kerberos service principal to the trusted
group file on each endpoint system. To run a remote command, follow these
steps: </p>
</div>
<ol><li class="stepexpand"><span>In iSeries™ Navigator,
expand <span class="menucascade"><span class="uicontrol">Management Central (iSeriesA)</span> &gt; <span class="uicontrol">System
Groups</span></span>.</span></li>
<li class="stepexpand"><span>Right-click <span class="uicontrol">MyCo2 system group</span> and select <span class="uicontrol">Run
Command</span>. </span></li>
<li class="stepexpand"><span>On the <span class="uicontrol">Run Command-MyCo2 system group</span> page,
enter <tt>dsplibl</tt> in the <span class="uicontrol">Commands to run</span> field
and click <span class="uicontrol">OK</span> to start the command task immediately. </span> You can also click <span class="uicontrol">Previous Commands</span> to select
from a list of commands you have previously run, or you can click <span class="uicontrol">Prompt</span> to
get assistance in entering or selecting an i5/OS™ command.</li>
<li class="stepexpand"><span>By default, a dialog box is displayed that indicates the Run Command
task has started. However, if you have changed the default setting, this dialog
box is not displayed. Click <span class="uicontrol">OK</span>.</span></li>
<li class="stepexpand"><span>On the <span class="uicontrol">Run Command Status</span> dialog box, verify
that the command completes on each system and close the dialog box.</span></li>
</ol>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakhscenmc2.htm" title="Use the following scenario to become familiar with the prerequisites and objectives for using Kerberos authentication between Management Central servers.">Scenario: Use Kerberos authentication between Management Central servers</a></div>
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzakhkerberosscenario_restartmanagementcentral.htm">Restart Management Central server on the central system and target systems</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzakhkerberosscenario_verifykerberosprincipal.htm">Verify the Kerberos principals are added to the trusted group file</a></div>
</div>
</div>
</body>
</html>