ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzakh_5.4.0.1/rzakhpascesenario_testauthenticationservice.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Test network authentication service" />
<meta name="DC.Relation" scheme="URI" content="rzakhscenpase.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhpascesenario_createahomedirectory.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzakhpascesenario_testauthenticationservice" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Test network authentication service</title>
</head>
<body id="rzakhpascesenario_testauthenticationservice"><a name="rzakhpascesenario_testauthenticationservice"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Test network authentication service</h1>
<div><div class="section">You should test the network authentication service configuration
by requesting a ticket granting ticket for your i5/OS™ principal and other principals within
your network. <div class="note"><span class="notetitle">Note:</span> Be sure you have created a home directory for your i5/OS user
profile before performing this test.</div>
To test the network authentication
service configuration, follow these steps:</div>
<ol><li class="stepexpand"><span>On a command line, enter <tt>QSH</tt> to start the Qshell Interpreter.</span></li>
<li class="stepexpand"><span>Enter <tt>keytab list</tt> to display a list of principals registered
in the keytab file. The following results should display:</span> <pre class="screen">Principal: krbsvr400/iseriesa.myco.com@MYCO.COM      
  Key version: 2                                                       
  Key type: 56-bit DES using key derivation                            
  Entry timestamp: 200X/05/29-11:02:58                                 </pre>
</li>
<li class="stepexpand"><span>Enter <tt>kinit -k krbsvr400/iseriesa.myco.com@MYCO.COM</tt> to
request a ticket-granting ticket from the Kerberos server.</span> This
command verifies that your iSeries™ server has been configured properly and the
password in the keytab file matches the password stored on the Kerberos server.
If this is successful then the QSH command will display without errors.</li>
<li class="stepexpand"><span>Enter <tt>klist</tt> to verify that the default principal is krbsvr400/iseriesa.myco.com@MYCO.COM.</span> This command displays the contents of a Kerberos credentials cache and
verifies that a valid ticket has been created for the i5/OS service principal and placed within
the credentials cache on the iSeries system.<pre class="screen"> Ticket cache: FILE:/QIBM/USERDATA/OS400/NETWORKAUTHENTICATION/creds/krbcred
                                                                    
 Default principal: krbsvr400/iseriesa.myco.com@MYCO.COM  
                                                                            
Server: krbtgt/MYCO.COM@MYCO.COM              
  Valid 200X/06/09-12:08:45 to 20XX/11/05-03:08:45                          
$                                                                           </pre>
</li>
</ol>
<div class="section">You have completed the steps required to configure your iSeries server
to be a Kerberos server and you can use Kerberos to authenticate the users
in the MYCO.COM realm.</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakhscenpase.htm" title="Understand the goals, objectives, prerequisites, and configuration steps for setting up your Kerberos server.">Scenario: Set up Kerberos server in i5/OS PASE</a></div>
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzakhpascesenario_createahomedirectory.htm">Create a home directory for users on iSeries A</a></div>
</div>
</div>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="task" />`
			`<meta name="DC.Title" content="Test network authentication service" />`
			`<meta name="DC.Relation" scheme="URI" content="rzakhscenpase.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzakhpascesenario_createahomedirectory.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="rzakhpascesenario_testauthenticationservice" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>Test network authentication service</title>`
			`</head>`
			`<body id="rzakhpascesenario_testauthenticationservice"><a name="rzakhpascesenario_testauthenticationservice"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">Test network authentication service</h1>`
			`<div><div class="section">You should test the network authentication service configuration`
			`by requesting a ticket granting ticket for your i5/OS™ principal and other principals within`
			`your network. <div class="note"><span class="notetitle">Note:</span> Be sure you have created a home directory for your i5/OS user`
			`profile before performing this test.</div>`
			`To test the network authentication`
			`service configuration, follow these steps:</div>`
			`<ol><li class="stepexpand"><span>On a command line, enter <tt>QSH</tt> to start the Qshell Interpreter.</span></li>`
			`<li class="stepexpand"><span>Enter <tt>keytab list</tt> to display a list of principals registered`
			`in the keytab file. The following results should display:</span> <pre class="screen">Principal: krbsvr400/iseriesa.myco.com@MYCO.COM`
			`Key version: 2`
			`Key type: 56-bit DES using key derivation`
			`Entry timestamp: 200X/05/29-11:02:58 </pre>`
			`</li>`
			`<li class="stepexpand"><span>Enter <tt>kinit -k krbsvr400/iseriesa.myco.com@MYCO.COM</tt> to`
			`request a ticket-granting ticket from the Kerberos server.</span> This`
			`command verifies that your iSeries™ server has been configured properly and the`
			`password in the keytab file matches the password stored on the Kerberos server.`
			`If this is successful then the QSH command will display without errors.</li>`
			`<li class="stepexpand"><span>Enter <tt>klist</tt> to verify that the default principal is krbsvr400/iseriesa.myco.com@MYCO.COM.</span> This command displays the contents of a Kerberos credentials cache and`
			`verifies that a valid ticket has been created for the i5/OS service principal and placed within`
			`the credentials cache on the iSeries system.<pre class="screen"> Ticket cache: FILE:/QIBM/USERDATA/OS400/NETWORKAUTHENTICATION/creds/krbcred`

			`Default principal: krbsvr400/iseriesa.myco.com@MYCO.COM`

			`Server: krbtgt/MYCO.COM@MYCO.COM`
			`Valid 200X/06/09-12:08:45 to 20XX/11/05-03:08:45`
			`$ </pre>`
			`</li>`
			`</ol>`
			`<div class="section">You have completed the steps required to configure your iSeries server`
			`to be a Kerberos server and you can use Kerberos to authenticate the users`
			`in the MYCO.COM realm.</div>`
			`</div>`
			`<div>`
			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakhscenpase.htm" title="Understand the goals, objectives, prerequisites, and configuration steps for setting up your Kerberos server.">Scenario: Set up Kerberos server in i5/OS PASE</a></div>`
			`<div class="previouslink"><strong>Previous topic:</strong> <a href="rzakhpascesenario_createahomedirectory.htm">Create a home directory for users on iSeries A</a></div>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`