friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamz_5.4.0.1/rzamztestnetworkauthenticationserviceoniseriesaandiseriesb.htm

78 lines
5.8 KiB
HTML
Raw Permalink Normal View History

Add readme and dist folders
2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Test network authentication service on iSeries A and iSeries B" />
<meta name="DC.Relation" scheme="URI" content="rzamzenablessoos400.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzcreatehomedirectoriesoniseriesaandiseriesb.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzcreateeimidentifiersfortwoadministratorsjohndayandsharonjones.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzamztestnetworkauthenticationserviceoniseriesaandiseriesb" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Test network authentication service on iSeries A and iSeries B</title>
</head>
<body id="rzamztestnetworkauthenticationserviceoniseriesaandiseriesb"><a name="rzamztestnetworkauthenticationserviceoniseriesaandiseriesb"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Test network authentication service on iSeries A and iSeries B</h1>
<div><div class="section"><div class="p">After you complete the network authentication service configuration
tasks for both of your systems, you need to verify that your configurations
work correctly for both <span class="keyword">iSeries™</span> A
and <span class="keyword">iSeries</span> B. You can do this
testing by completing these steps to request a ticket granting ticket for
the <span class="keyword">iSeries</span> A and <span class="keyword">iSeries</span> B principals:<div class="note"><span class="notetitle">Note:</span> Ensure that
you have created a home directory for your <span class="keyword">iSeries</span> user
profile before performing this procedure.</div>
</div>
</div>
<ol><li class="stepexpand"><span>On a command line, enter <tt>QSH</tt> to start the Qshell Interpreter.</span></li>
<li class="stepexpand"><span>Enter <tt>keytab list</tt> to display a list of principals registered
in the keytab file. In this scenario, krbsvr400/iseriesa.myco.com@MYCO.COM
should display as the principal name for <span class="keyword">iSeries</span> A.</span></li>
<li class="stepexpand"><span>Enter <tt>kinit -k krbsvr400/iseriesa.myco.com@MYCO.COM</tt> to
request a ticket-granting ticket from the Kerberos server. By running this
command, you can verify that your <span class="keyword">iSeries</span> system
has been configured properly and that the password in the keytab file matches
the password stored on the Kerberos server. If this is successful then the
kinit command will display without errors.</span></li>
<li class="stepexpand"><span>Enter <tt>klist</tt> to verify that the default principal is krbsvr400/iseriesa.myco.com@MYCO.COM.
This command displays the contents of a Kerberos credentials cache and verifies
that a valid ticket has been created for the <span class="keyword">iSeries</span> service
principal and placed within the credentials cache on the <span class="keyword">iSeries</span> system.</span> <pre class="screen"> Ticket cache: FILE:/QIBM/USERDATA/OS400/NETWORKAUTHENTICATION/creds/krbcred
Default principal: krbsvr400/iseriesa.myco.com@MYCO.COM
Server: krbtgt/MYCO.COM@MYCO.COM
Valid 200X/06/09-12:08:45 to 20XX/11/05-03:08:45
$ </pre>
</li>
</ol>
<div class="section"><p> Repeat these steps using the service principal name for <span class="keyword">iSeries</span> B: krbsvr400/iseriesb.myco.com@MYCO.COM</p>
<p>Now
that you have tested network authentication service on <span class="keyword">iSeries</span> A
and <span class="keyword">iSeries</span> B, you can create
an EIM identifier for each of the administrators.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamzenablessoos400.htm" title="View this scenario to learn how to configure network authentication service and EIM to create a single signon environment across multiple systems in an enterprise. This scenario expands on the concepts and tasks presented in the previous scenario which demonstrates how to create a simple single signon test environment.">Scenario: Enable single signon for i5/OS</a></div>
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzamzcreatehomedirectoriesoniseriesaandiseriesb.htm">Create home directories on iSeries A and iSeries B</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzamzcreateeimidentifiersfortwoadministratorsjohndayandsharonjones.htm">Create EIM identifiers for two administrators, John Day and Sharon Jones</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue Copy Permalink