ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzakh_5.4.0.1/rzakhcreatehostprin.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Create host, user, and service principals" />
<meta name="abstract" content="Create host principals for your Windows 2000 and Windows XP workstations. Create user and service principals on your Kerberos server." />
<meta name="description" content="Create host principals for your Windows 2000 and Windows XP workstations. Create user and service principals on your Kerberos server." />
<meta name="DC.Relation" scheme="URI" content="rzakhconfigpase.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhkerberos.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhconfigwkstation.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzakhcreatehostprin" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Create host, user, and service principals</title>
</head>
<body id="rzakhcreatehostprin"><a name="rzakhcreatehostprin"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Create host, user, and service principals</h1>
<div><p>Create host principals for your Windows<sup>®</sup> 2000 and Windows XP
workstations. Create user and service principals on your Kerberos server.</p>
<div class="section"><div class="p">This procedure creates the following:<ul><li>Host principals for Windows 2000 and Windows XP
workstations</li>
<li>User principals on the Kerberos server</li>
<li>Service principal on the Kerberos server</li>
</ul>
</div>
<p>To provide interoperability between a Windows 2000 or Windows XP
workstation and a Kerberos server in i5/OS™ PASE, you need to add a host principal
for the workstation to the Kerberos realm. For users to be authenticated to
services in your network, you must add them to the Kerberos server as principals.
These user principals are stored on the Kerberos server and are used to validate
users on the network. For i5/OS to accept Kerberos tickets, you must add them
to the Kerberos server as principals. Complete the following tasks:</p>
<div class="note"><span class="notetitle">Note:</span> User
names, host names, and passwords are used for example purposes only.</div>
</div>
<ol><li class="stepexpand"><span>In a character-based interface, enter <tt>call QP2TERM</tt> at
the command line.</span> This command opens an interactive shell environment
that allows you to work with i5/OS PASE applications.</li>
<li class="stepexpand"><span>At the command line, enter <tt>export PATH=$PATH:/usr/krb5/sbin</tt>. </span> This command points to the Kerberos scripts that are necessary to run
the executable files.</li>
<li class="stepexpand"><span>At the command line, enter <tt>kadmin -p admin/admin</tt>, and
press Enter.</span></li>
<li class="stepexpand"><span>Sign in with administrator's password.</span></li>
<li class="stepexpand"><span>At the kadmin prompt, enter <tt>addprinc -pw secret1 host/pc1.myco.com</tt>.</span> This command creates a host principal for the PC in your network. Repeat
this step for all the PCs in your network.</li>
<li class="stepexpand"><span>Enter <tt>addprinc -pw secret jonesm</tt>.</span> This command
creates a principal for your user, Mary Jones. Repeat this step for all of
your users.</li>
<li class="stepexpand"><span>At the kadmin prompt, enter <tt>addprinc -pw iseriesa123 krbsvr400/iseriesa.myco.com</tt>.</span> This command creates a service principal for the Kerberos server.</li>
<li class="stepexpand"><span>Enter <tt>quit</tt> to exit the kadmin interface, and press F3
(Exit) to exit the PASE environment.</span></li>
</ol>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakhconfigpase.htm" title="Configure and manage a Kerberos server from your iSeries system to provide an integrated runtime environment for AIX applications.">Configure a Kerberos server in i5/OS PASE</a></div>
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzakhkerberos.htm" title="You must stop and restart the Kerberos server in i5/OS PASE to update the encryption values that you just changed.">Stop and restart the Kerberos server</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzakhconfigwkstation.htm" title="Configure your client workstations by setting the Kerberos realm and the Kerberos server.">Configure Windows 2000 and Windows XP workstations</a></div>
</div>
</div>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="task" />`
			`<meta name="DC.Title" content="Create host, user, and service principals" />`
			`<meta name="abstract" content="Create host principals for your Windows 2000 and Windows XP workstations. Create user and service principals on your Kerberos server." />`
			`<meta name="description" content="Create host principals for your Windows 2000 and Windows XP workstations. Create user and service principals on your Kerberos server." />`
			`<meta name="DC.Relation" scheme="URI" content="rzakhconfigpase.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzakhkerberos.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzakhconfigwkstation.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="rzakhcreatehostprin" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>Create host, user, and service principals</title>`
			`</head>`
			`<body id="rzakhcreatehostprin"><a name="rzakhcreatehostprin"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">Create host, user, and service principals</h1>`
			`<div><p>Create host principals for your Windows<sup>®</sup> 2000 and Windows XP`
			`workstations. Create user and service principals on your Kerberos server.</p>`
			`<div class="section"><div class="p">This procedure creates the following:<ul><li>Host principals for Windows 2000 and Windows XP`
			`workstations</li>`
			`<li>User principals on the Kerberos server</li>`
			`<li>Service principal on the Kerberos server</li>`
			`</ul>`
			`</div>`
			`<p>To provide interoperability between a Windows 2000 or Windows XP`
			`workstation and a Kerberos server in i5/OS™ PASE, you need to add a host principal`
			`for the workstation to the Kerberos realm. For users to be authenticated to`
			`services in your network, you must add them to the Kerberos server as principals.`
			`These user principals are stored on the Kerberos server and are used to validate`
			`users on the network. For i5/OS to accept Kerberos tickets, you must add them`
			`to the Kerberos server as principals. Complete the following tasks:</p>`
			`<div class="note"><span class="notetitle">Note:</span> User`
			`names, host names, and passwords are used for example purposes only.</div>`
			`</div>`
			`<ol><li class="stepexpand"><span>In a character-based interface, enter <tt>call QP2TERM</tt> at`
			`the command line.</span> This command opens an interactive shell environment`
			`that allows you to work with i5/OS PASE applications.</li>`
			`<li class="stepexpand"><span>At the command line, enter <tt>export PATH=$PATH:/usr/krb5/sbin</tt>. </span> This command points to the Kerberos scripts that are necessary to run`
			`the executable files.</li>`
			`<li class="stepexpand"><span>At the command line, enter <tt>kadmin -p admin/admin</tt>, and`
			`press Enter.</span></li>`
			`<li class="stepexpand"><span>Sign in with administrator's password.</span></li>`
			`<li class="stepexpand"><span>At the kadmin prompt, enter <tt>addprinc -pw secret1 host/pc1.myco.com</tt>.</span> This command creates a host principal for the PC in your network. Repeat`
			`this step for all the PCs in your network.</li>`
			`<li class="stepexpand"><span>Enter <tt>addprinc -pw secret jonesm</tt>.</span> This command`
			`creates a principal for your user, Mary Jones. Repeat this step for all of`
			`your users.</li>`
			`<li class="stepexpand"><span>At the kadmin prompt, enter <tt>addprinc -pw iseriesa123 krbsvr400/iseriesa.myco.com</tt>.</span> This command creates a service principal for the Kerberos server.</li>`
			`<li class="stepexpand"><span>Enter <tt>quit</tt> to exit the kadmin interface, and press F3`
			`(Exit) to exit the PASE environment.</span></li>`
			`</ol>`
			`</div>`
			`<div>`
			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakhconfigpase.htm" title="Configure and manage a Kerberos server from your iSeries system to provide an integrated runtime environment for AIX applications.">Configure a Kerberos server in i5/OS PASE</a></div>`
			`<div class="previouslink"><strong>Previous topic:</strong> <a href="rzakhkerberos.htm" title="You must stop and restart the Kerberos server in i5/OS PASE to update the encryption values that you just changed.">Stop and restart the Kerberos server</a></div>`
			`<div class="nextlink"><strong>Next topic:</strong> <a href="rzakhconfigwkstation.htm" title="Configure your client workstations by setting the Kerberos realm and the Kerberos server.">Configure Windows 2000 and Windows XP workstations</a></div>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`