ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzakh_5.4.0.1/rzakhmanage.htm

135 lines
9.7 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Manage network authentication service" />
<meta name="abstract" content="Manage network authentication service by requesting tickets, working with key table files, and administering host name resolution. You can also work with credentials files and back up configuration files." />
<meta name="description" content="Manage network authentication service by requesting tickets, working with key table files, and administering host name resolution. You can also work with credentials files and back up configuration files." />
<meta name="DC.Relation" scheme="URI" content="rzakh000.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhsync.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakharealms.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhrrealms.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhaddkdc.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhaddpass.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhtrust.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhhost.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhencrypt.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhkinit.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhklist.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhkkeytab.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhnewpswds.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhdeletecred.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhksetup.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhdefinerealmsdns.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhdefinerealmsldap.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzakhmanage" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Manage network authentication service</title>
</head>
<body id="rzakhmanage"><a name="rzakhmanage"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Manage network authentication service</h1>
<div><p>Manage network authentication service by requesting tickets, working
with key table files, and administering host name resolution. You can also
work with credentials files and back up configuration files.</p>
<div class="section"><p> After you have <a href="rzakhconfig.htm#rzakhconfig">configured</a> network
authentication service, you can request tickets, work with key table files,
and administer host name resolution. You can also work with credentials files
and back up configuration files. The following topics describe how to complete
these tasks:</p>
</div>
<div class="section"><h4 class="sectiontitle">iSeries™ user
tasks</h4><div class="p">The iSeries can also operate as a client in a Kerberos-enabled
network. Users can sign on to the iSeries and perform Kerberos-related
tasks through the Qshell Interpreter. The following tasks use several Qshell
commands to perform common tasks for iSeries users.<ul><li><a href="rzakhhome.htm#rzakhhome">Create a home directory</a></li>
<li><a href="rzakhkinit.htm#rzakhkinit">Obtain or renew ticket granting tickets</a></li>
<li><a href="rzakhnewpswds.htm#rzakhnewpswds">Change Kerberos passwords</a></li>
<li><a href="rzakhkkeytab.htm#rzakhkkeytab">Manage keytab files</a></li>
<li><a href="rzakhdeletecred.htm#rzakhdeletecred">Delete expired credentials cache files</a></li>
<li><a href="rzakhklist.htm#rzakhklist">Display credentials cache</a></li>
<li><a href="rzakhksetup.htm#rzakhksetup">Manage Kerberos service entries in LDAP directories</a></li>
</ul>
<div class="note"><span class="notetitle">Note:</span> If you are using the PC5250 emulator in iSeries Navigator, you need to change
the <span class="uicontrol">Remote signon</span> system value to enable you to bypass
the signon. To change the <span class="uicontrol">Remote signon</span> system value,
follow these steps:<ol><li>In iSeries Navigator,
expand <span class="menucascade"><span class="uicontrol">your iSeries server</span> &gt; <span class="uicontrol">Configuration
and Service</span> &gt; <span class="uicontrol">System Values</span> &gt; <span class="uicontrol">Signon</span></span>.</li>
<li>On the <span class="uicontrol">Remote</span> page, select <span class="uicontrol">Allow signon
to be bypassed</span> and <span class="uicontrol">Source and target user IDs must
match</span>, and click <span class="uicontrol">OK</span>.</li>
</ol>
</div>
</div>
</div>
<div class="section"><h4 class="sectiontitle">Network authentication service administration tasks</h4><p>The
following is a brief list of tasks that can be performed by an administrator
in iSeries Navigator.
For more task-based information, see the iSeries Navigator help for network authentication
service. </p>
</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzakhsync.htm">Synchronize system times</a></strong><br />
Synchronize system times on your network.</li>
<li class="ulchildlink"><strong><a href="rzakharealms.htm">Add realms</a></strong><br />
Add a new realm to the network authentication service configuration.</li>
<li class="ulchildlink"><strong><a href="rzakhrrealms.htm">Delete realms</a></strong><br />
Delete an unneeded or unused realm from the network authentication service configuration.</li>
<li class="ulchildlink"><strong><a href="rzakhaddkdc.htm">Add a Kerberos server to a realm</a></strong><br />
Add a Kerberos server to a realm using network authentication service.</li>
<li class="ulchildlink"><strong><a href="rzakhaddpass.htm">Add password server</a></strong><br />
Add a password server to a realm to allow Kerberos principals to change their passwords.</li>
<li class="ulchildlink"><strong><a href="rzakhtrust.htm">Create a trust relationship between realms</a></strong><br />
Establishing a trust relationship between realms creates a shortcut for authentication.</li>
<li class="ulchildlink"><strong><a href="rzakhhost.htm">Change host resolution</a></strong><br />
Specify an LDAP server, a Domain Name System (DNS), and static mappings to resolve host names and realm names.</li>
<li class="ulchildlink"><strong><a href="rzakhencrypt.htm">Add encryption settings</a></strong><br />
You can select the encryption types for ticket granting tickets (TGT) and ticket granting service (TGS).</li>
<li class="ulchildlink"><strong><a href="rzakhkinit.htm">Obtain or renew ticket granting tickets</a></strong><br />
The <span class="cmdname">kinit</span> command obtains or renews a Kerberos
ticket granting ticket. </li>
<li class="ulchildlink"><strong><a href="rzakhklist.htm">Display credentials cache</a></strong><br />
The <span class="cmdname">klist</span> command displays the contents of a
Kerberos credentials cache.</li>
<li class="ulchildlink"><strong><a href="rzakhkkeytab.htm">Manage keytab files</a></strong><br />
Maintain the keytab file using either the character-based interface
or iSeries Navigator.</li>
<li class="ulchildlink"><strong><a href="rzakhnewpswds.htm">Change Kerberos passwords</a></strong><br />
The <span class="cmdname">kpasswd</span> command will change the password
for the specified Kerberos principal using the password change service. </li>
<li class="ulchildlink"><strong><a href="rzakhdeletecred.htm">Delete expired credentials cache files</a></strong><br />
The <span class="cmdname">kdestroy</span> command deletes a Kerberos credentials
cache file. Users need to periodically delete old credentials by using the<span class="cmdname">kdestroy</span> command.</li>
<li class="ulchildlink"><strong><a href="rzakhksetup.htm">Manage Kerberos service entries in LDAP directories</a></strong><br />
The <span class="cmdname">ksetup</span> command manages Kerberos service
entries in the LDAP server directory. </li>
<li class="ulchildlink"><strong><a href="rzakhdefinerealmsdns.htm">Define realms in the DNS database</a></strong><br />
Define realms in the DNS database to resolve host names.</li>
<li class="ulchildlink"><strong><a href="rzakhdefinerealmsldap.htm">Define realms in the LDAP server</a></strong><br />
Network authentication service allows you to use the LDAP server to resolve a host name into a Kerberos realm and to find the KDC for a Kerberos realm.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakh000.htm" title="Network authentication service allows the iSeries server and several iSeries services, such as iSeries eServer Access for Windows, to use a Kerberos ticket as an optional replacement for a user name and password for authentication.">Network authentication service</a></div>
</div>
</div>
</body>
</html>