<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Plan realms" />
<meta name="abstract" content="Understanding your enterprise can help you plan for realms in your environment." />
<meta name="description" content="Understanding your enterprise can help you plan for realms in your environment." />
<meta name="DC.Relation" scheme="URI" content="rzakhplan.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzakhprealm" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Plan realms</title>
</head>
<body id="rzakhprealm"><a name="rzakhprealm"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Plan realms</h1>
<div><p>Understanding your enterprise can help you plan for realms in your
environment.</p>
<div class="p">In the Kerberos protocol, realms consist of a collection of machines and services
that use a single authentication server called a Kerberos server or key distribution
center (KDC). Realms are managed individually. Applications and services within
the realm typically share some common use or purpose. The following general
questions can aid you in planning realms in your enterprise:<dl><dt class="dlterm">How large is my current environment?</dt>
<dd>The size of your environment determines the number of realms you will
need. In a larger enterprise you may consider several realms that are based
on organizational boundaries or how certain systems are used within the enterprise.
For example, you can establish realms that represent different organizations in
your company, such as realms for your human resources department, customer service
department, or shipping department. You can also create realms for a collection
of machines or services that perform similar functions. Typically, smaller
enterprises may need only one or two realms.</dd>
<dt class="dlterm">How quickly do I anticipate my environment to grow?</dt>
<dd>If you plan for your enterprise to grow quickly, you may want to set up
several realms representing smaller organizational units in your enterprise.
If you anticipate that your enterprise will grow more slowly, you can set
up only one or two realms based on your organization now.</dd>
<dt class="dlterm">How many administrators will I need to manage these realms?</dt>
<dd>No matter how large or small your enterprise is, you need to make sure
you have knowledgeable personnel to set up and administer the realms that
you need. </dd>
</dl>
</div>
<div class="section"><h4 class="sectionscenariobar">Naming realms</h4><p>According
to the conventions of the Kerberos protocol, realm names typically consist
of an uppercase version of the domain name, such as MYCO.COM. In networks
with multiple realms, you can create a realm name that includes an uppercase
descriptive name and domain name. For example, you might have two realms,
one called HR.MYCO.COM and the other named SHIPPING.MYCO.COM, each representing
a particular department in your organization.</p>
<p>It is not necessary to
use uppercase; however, some implementations of Kerberos enforce this convention.
For example, realm names are strictly uppercase in a Microsoft<sup>®</sup> Windows<sup>®</sup> Active
Directory. If you are configuring network authentication service on the iSeries™ to
participate in a Kerberos realm configured in Microsoft Windows Active Directory, you must enter
the realm name in uppercase.</p>
<p>For a Kerberos server that is configured
in i5/OS™ PASE,
you can create either upper or lowercase realm names. However, if you plan
to create trust relationships between a Kerberos server configured with Microsoft Windows
Active Directory and a Kerberos server configured in i5/OS PASE, the realm names should be uppercase.</p>
<div class="p">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 1. Example planning work sheet for Kerberos realms</caption><thead align="left"><tr><th valign="top" id="d0e72">Questions</th>
<th valign="top" id="d0e74">Answers</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e72 ">How many realms do you need?</td>
<td valign="top" headers="d0e74 ">Two</td>
</tr>
<tr><td valign="top" headers="d0e72 ">How do you plan to organize realms?</td>
<td valign="top" headers="d0e74 ">Currently our company has a Windows 2000 server that authenticates
users in our Order Receiving Department. Our Shipping Department uses a Kerberos
server in i5/OS PASE.
Each of these departments will have its own realm.</td>
</tr>
<tr><td valign="top" headers="d0e72 ">What will be the naming convention used for realms?</td>
<td valign="top" headers="d0e74 ">We will use an uppercase shortened name that indicates
the department followed by an uppercase version of the Windows 2000
domain name. For example, ORDEPT.MYCO.COM will represent the Order Receiving
Department and SHIPDEPT.MYCO.COM will represent the Shipping Department.</td>
</tr>
</tbody>
</table>
</div>
</div>
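<p>The naming rules above can be checked against a completed worksheet before any realm is configured. The following is an added example, not IBM code: the <code>Realm</code> record, the KDC type labels, and the choice to treat the Windows 2000 server as an Active Directory KDC are assumptions made for illustration.</p>

```python
from dataclasses import dataclass

AD, PASE = "active-directory", "i5os-pase"  # constructed labels for the KDC types

@dataclass(frozen=True)
class Realm:
    name: str    # realm name exactly as it will be entered
    domain: str  # DNS domain the name is derived from
    kdc: str     # AD or PASE

def check_realm(realm):
    """Findings for one planned realm, judged on its own."""
    findings = []
    folded, suffix = realm.name.upper(), realm.domain.upper()
    if realm.kdc == AD and realm.name != folded:
        findings.append(f"{realm.name}: Active Directory realm names must be uppercase")
    # Convention: DOMAIN or LABEL.DOMAIN. Compared case-insensitively so a
    # pure case problem is reported by the case rules only.
    if folded != suffix and not folded.endswith("." + suffix):
        findings.append(f"{realm.name}: not derived from domain {realm.domain}")
    return findings

def check_trust(a, b):
    """Findings for a planned trust between an AD realm and a PASE realm."""
    if {a.kdc, b.kdc} != {AD, PASE}:
        return []
    pase, ad = (a, b) if a.kdc == PASE else (b, a)
    if pase.name != pase.name.upper():
        return [f"{pase.name}: should be uppercase to trust {ad.name}"]
    return []

def check_plan(realms, trusts):
    """Check every realm, then every (name, name) trust pair."""
    by_name = {r.name: r for r in realms}
    findings = []
    for r in realms:
        findings += check_realm(r)
    for left, right in trusts:
        findings += check_trust(by_name[left], by_name[right])
    return findings

# Constructed worksheet data using the realm names from Table 1.
WORKSHEET = [Realm("ORDEPT.MYCO.COM", "myco.com", AD),
             Realm("SHIPDEPT.MYCO.COM", "myco.com", PASE)]
LOWERCASE_PASE = [WORKSHEET[0], Realm("shipdept.myco.com", "myco.com", PASE)]

if __name__ == "__main__":
    print(check_plan(WORKSHEET, [("ORDEPT.MYCO.COM", "SHIPDEPT.MYCO.COM")]))
    print(check_plan(LOWERCASE_PASE, [("ORDEPT.MYCO.COM", "shipdept.myco.com")]))
```

<p>A lowercase i5/OS PASE realm passes on its own and is reported only once a trust with the Active Directory realm is planned.</p>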
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakhplan.htm" title="This information explains how to plan a successful network authentication service implementation for your enterprise. Learn about important configuration requirements, such as host name resolution issues and configuration prerequisites, as well as use the planning worksheets to gather the information you need for your configuration.">Plan network authentication service</a></div>
</div>
</div>
</body>
</html>