76 lines
5.6 KiB
HTML
76 lines
5.6 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="task" />
|
||
|
<meta name="DC.Title" content="Add Kerberos service principal to the trusted group file for each endpoint" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzakhscenmc2.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzakhkerberosscenario_restartmanagementcentral.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzakhkerberosscenario_verifykerberosprincipal.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="rzakhkerberosscenario_addkerberosserviceprincipal" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Add Kerberos service principal to the trusted group file for each endpoint</title>
|
||
|
</head>
|
||
|
<body id="rzakhkerberosscenario_addkerberosserviceprincipal"><a name="rzakhkerberosscenario_addkerberosserviceprincipal"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Add Kerberos service principal to the trusted group file for each endpoint</h1>
|
||
|
<div><div class="section">After the Management Central servers all have been restarted, you
|
||
|
need to add the central system's Kerberos service principal to the trusted
|
||
|
group file for each of the endpoint systems. From the central system, run
|
||
|
a remote command, such as DSPLIBL (Display Library List), to all the endpoint
|
||
|
systems. Each endpoint system automatically adds the central system's Kerberos
|
||
|
service principal to its individual trusted group file because <span class="uicontrol">Add
|
||
|
to trusted group</span> is selected as the authentication level on each
|
||
|
endpoint system. You can run any remote command from the central system to
|
||
|
an endpoint system to cause the Management Central server job on the endpoint
|
||
|
system to record the necessary Kerberos service principals in the trusted
|
||
|
group file. The DSPLIBL (Display Library List) command is used for example
|
||
|
purposes only.<div class="note"><span class="notetitle">Note:</span> If you use a model or source system to run tasks, such
|
||
|
as Send Fixes, Send Users, Synchronize Time, you should run these tasks so
|
||
|
that the correct Kerberos service principals are added to the correct trusted
|
||
|
group files.</div>
|
||
|
<p>For this scenario, you decide to run a remote command
|
||
|
to all the endpoint systems to add the Kerberos service principal to the trusted
|
||
|
group file on each endpoint system. To run a remote command, follow these
|
||
|
steps: </p>
|
||
|
</div>
|
||
|
<ol><li class="stepexpand"><span>In iSeries™ Navigator,
|
||
|
expand <span class="menucascade"><span class="uicontrol">Management Central (iSeriesA)</span> > <span class="uicontrol">System
|
||
|
Groups</span></span>.</span></li>
|
||
|
<li class="stepexpand"><span>Right-click <span class="uicontrol">MyCo2 system group</span> and select <span class="uicontrol">Run
|
||
|
Command</span>. </span></li>
|
||
|
<li class="stepexpand"><span>On the <span class="uicontrol">Run Command-MyCo2 system group</span> page,
|
||
|
enter <tt>dsplibl</tt> in the <span class="uicontrol">Commands to run</span> field
|
||
|
and click <span class="uicontrol">OK</span> to start the command task immediately. </span> You can also click <span class="uicontrol">Previous Commands</span> to select
|
||
|
from a list of commands you have previously run, or you can click <span class="uicontrol">Prompt</span> to
|
||
|
get assistance in entering or selecting an i5/OS™ command.</li>
|
||
|
<li class="stepexpand"><span>By default, a dialog box is displayed that indicates the Run Command
|
||
|
task has started. However, if you have changed the default setting, this dialog
|
||
|
box is not displayed. Click <span class="uicontrol">OK</span>.</span></li>
|
||
|
<li class="stepexpand"><span>On the <span class="uicontrol">Run Command Status</span> dialog box, verify
|
||
|
that the command completes on each system and close the dialog box.</span></li>
|
||
|
</ol>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakhscenmc2.htm" title="Use the following scenario to become familiar with the prerequisites and objectives for using Kerberos authentication between Management Central servers.">Scenario: Use Kerberos authentication between Management Central servers</a></div>
|
||
|
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzakhkerberosscenario_restartmanagementcentral.htm">Restart Management Central server on the central system and target systems</a></div>
|
||
|
<div class="nextlink"><strong>Next topic:</strong> <a href="rzakhkerberosscenario_verifykerberosprincipal.htm">Verify the Kerberos principals are added to the trusted group file</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|