<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Single signon planning worksheets" />
<meta name="abstract" content="Use these worksheets to ensure that you have met all of the prerequisites for single signon and that you have considered all of the aspects of your particular system and its security requirements." />
<meta name="description" content="Use these worksheets to ensure that you have met all of the prerequisites for single signon and that you have considered all of the aspects of your particular system and its security requirements." />
<meta name="DC.Relation" scheme="URI" content="rzamzplan.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzamzssoplanworksheet" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Single signon planning worksheets</title>
</head>
<body id="rzamzssoplanworksheet"><a name="rzamzssoplanworksheet"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Single signon planning worksheets</h1>
<div><p>Use these worksheets to ensure that you have met all of the prerequisites
for single signon and that you have considered all of the aspects of your
particular system and its security requirements.</p>
<p>Before you use these configuration planning worksheets, you need to <a href="rzamzplan.htm#rzamzplan">plan your overall single signon
implementation</a>. Use these configuration planning worksheets to ensure
that you have met all of the prerequisites, and that you have taken into consideration
all of the aspects of your particular <span class="keyword">iSeries™</span> system.</p>
<div class="section"><h4 class="sectiontitle">Single signon prerequisite worksheet</h4><p>This detailed
worksheet helps you ensure that you meet all hardware and software
prerequisites for implementing single signon. To ensure a successful implementation,
you must be able to answer <span class="uicontrol">Yes</span> to all prerequisite
items in the worksheet, and you should gather all the information necessary
to complete the worksheets before you perform any configuration tasks.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 1. Single signon prerequisite work sheet</caption><tbody><tr><td align="left" valign="top" width="61.61616161616161%"><strong>Prerequisite work sheet</strong></td>
<td align="left" valign="top" width="38.38383838383838%"><strong>Answers</strong> </td>
</tr>
<tr><td align="left" valign="top" width="61.61616161616161%">Is your system running <span class="keyword">i5/OS™</span> V5R4
(5722-SS1)?</td>
<td align="left" valign="top" width="38.38383838383838%">&nbsp;</td>
</tr>
<tr><td valign="top" width="61.61616161616161%">Are the following options and licensed products installed
on your server?<ul><li><span class="keyword">i5/OS</span> Host Servers
(5722-SS1 Option 12)</li>
<li>Qshell Interpreter (5722-SS1 Option 30)</li>
<li><span class="keyword">iSeries Access for Windows<sup>®</sup></span> (5722-XE1)</li>
</ul>
</td>
<td valign="top" width="38.38383838383838%">&nbsp;</td>
</tr>
<tr><td align="left" valign="top" width="61.61616161616161%">Have you installed an application that is
enabled for single signon on each of the PCs that will participate in the
single signon environment? <div class="note"><span class="notetitle">Note:</span> For the scenarios in this information, all
of the PCs have <span class="keyword">iSeries Access for Windows</span> (5722-XE1)
installed.</div>
</td>
<td align="left" valign="top" width="38.38383838383838%">&nbsp;</td>
</tr>
<tr><td align="left" valign="top" width="61.61616161616161%">Is <span class="keyword">iSeries Navigator</span> installed
on the administrator's PC?<ul><li>Is the Security subcomponent of <span class="keyword">iSeries Navigator</span> installed
on the administrator's PC?</li>
<li>Is the Network subcomponent of <span class="keyword">iSeries Navigator</span> installed
on the administrator's PC?</li>
</ul>
</td>
<td align="left" valign="top" width="38.38383838383838%">&nbsp;</td>
</tr>
<tr><td valign="top" width="61.61616161616161%">Have you installed the latest <span class="keyword">iSeries Access for Windows</span> service
pack? For the latest service pack, see <a href="http://www-1.ibm.com/servers/eserver/iseries/access/casp.htm" target="_blank">iSeries Access</a><img src="www.gif" alt="link outside the Information Center" />.</td>
<td valign="top" width="38.38383838383838%">&nbsp;</td>
</tr>
<tr><td align="left" valign="top" width="61.61616161616161%">Do you, the administrator, have *SECADM,
*ALLOBJ, and *IOSYSCFG special authorities?</td>
<td align="left" valign="top" width="38.38383838383838%">&nbsp;</td>
</tr>
<tr><td align="left" valign="top" width="61.61616161616161%">Do you have one of the following systems
acting as the Kerberos server (also known as the KDC)? If yes, specify which
system. <ol><li><span class="keyword">Windows 2000</span> Server<div class="note"><span class="notetitle">Note:</span> Microsoft<sup>®</sup> <span class="keyword">Windows 2000</span> uses Kerberos authentication
as its default security mechanism. </div>
</li>
<li>Windows<sup>®</sup> Server
2003</li>
<li><span class="keyword">i5/OS</span> PASE (V5R3 or
later)</li>
<li>AIX<sup>®</sup> server</li>
<li>zSeries<sup>®</sup></li>
</ol>
</td>
<td align="left" valign="top" width="38.38383838383838%">&nbsp;</td>
</tr>
<tr><td align="left" valign="top" width="61.61616161616161%">Are all of the PCs in your network configured
in a <span class="keyword">Windows 2000</span> domain?</td>
<td align="left" valign="top" width="38.38383838383838%">&nbsp;</td>
</tr>
<tr><td align="left" valign="top" width="61.61616161616161%">Have you applied the latest program temporary
fixes (PTFs)?</td>
<td align="left" valign="top" width="38.38383838383838%">&nbsp;</td>
</tr>
<tr><td align="left" valign="top" width="61.61616161616161%">Is the <span class="keyword">iSeries</span> system
time within 5 minutes of the system time on the Kerberos server? If not, see <a href="../rzakh/rzakhsync.htm">Synchronize system
times</a>.</td>
<td align="left" valign="top" width="38.38383838383838%">&nbsp;</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section"><h4 class="sectiontitle">Single signon configuration planning worksheet</h4><p>This
is a configuration planning worksheet, designed to ensure that you have met
all of the hardware and software prerequisites for single signon. Additionally,
this worksheet ensures that you have completed those Enterprise Identity Mapping
(EIM) and network authentication service configuration tasks that are required
for a successful single signon environment.</p>
<div class="note"><span class="notetitle">Note:</span> The single signon configuration
planning worksheet is designed to assist you with the implementation of a
single signon environment based on Enterprise Identity Mapping (EIM) and network
authentication services. If you intend to use a different authentication mechanism,
such as IBM<sup>®</sup> Directory
Server for <span class="keyword">iSeries</span> (LDAP)
or digital certificates, you may need to adapt portions of this worksheet
to better suit your needs.</div>
<div class="tablenoborder"><a name="rzamzssoplanworksheet__genplan"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="rzamzssoplanworksheet__genplan" width="100%" frame="border" border="1" rules="all"><caption>Table 2. Single signon configuration planning work sheet</caption><tbody><tr><td align="left" valign="top" width="58.58585858585859%"><span class="uicontrol">Configuration planning work sheet </span></td>
<td align="left" valign="top" width="41.41414141414141%"><span class="uicontrol">Answers</span></td>
</tr>
<tr><td colspan="2" valign="top">Use the following information to complete
the EIM Configuration wizard:</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">How do you want to configure EIM for your system?<ul><li>Join an existing domain</li>
<li>Create and join a new domain</li>
</ul>
</td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">Where do you want to configure your EIM domain?</td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">Do you want to configure network authentication service?</td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td colspan="2" valign="top"><span class="uicontrol">The Network Authentication
Service wizard launches from the EIM Configuration wizard. Use the following
information to complete the Network Authentication Service wizard:</span><div class="note"><span class="notetitle">Note:</span> The
Network Authentication Service wizard can also be launched independently of
the EIM Configuration wizard.</div>
</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">What is the name of the Kerberos default realm to which
your <span class="keyword">iSeries</span> will belong?<div class="note"><span class="notetitle">Note:</span> A <span class="keyword">Windows 2000</span> domain is similar to a Kerberos
realm. Microsoft Windows Active Directory uses Kerberos
authentication as its default security mechanism.</div>
</td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">Are you using Microsoft Active Directory?</td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">What is the Kerberos server, also known as a key distribution
center (KDC), for this Kerberos default realm? What is the port on which the
Kerberos server listens?</td>
<td valign="top" width="41.41414141414141%"> </td>
</tr>
<tr><td valign="top" width="58.58585858585859%">Do you want to configure a password server for this
default realm? If yes, answer the following questions: <p>What is the name of the password server for this Kerberos server?<br />
What is the port on which the password server listens?</p>
</td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">For which services do you want to create keytab entries?<ul><li><span class="keyword">i5/OS</span> Kerberos Authentication</li>
<li>LDAP</li>
<li><span class="keyword">IBM HTTP Server for i5/OS</span></li>
<li>iSeries NetServer™</li>
</ul>
</td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">What is the password for your service principal or principals? </td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">Do you want to create a batch file to automate adding
the service principals for <span class="keyword">iSeries</span> A
to the Kerberos registry?</td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">Do you want to include passwords with the <span class="keyword">i5/OS</span> service
principals in the batch file?</td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td colspan="2" valign="top">As you exit the Network Authentication
Service wizard, you will return to the EIM Configuration wizard. Use the following
information to complete the EIM Configuration wizard:</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">Specify user information that the wizard should use
when configuring the directory server. This is the connection user. You must
specify the port number, administrator distinguished name, and a password
for the administrator.</td>
<td valign="top" width="41.41414141414141%"> </td>
</tr>
<tr><td valign="top" width="58.58585858585859%">What is the name of the EIM domain that you want to
create?</td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">Do you want to specify a parent DN for the EIM domain?</td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">Which user registries do you want to add to the EIM
domain?</td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">Which EIM user do you want <span class="keyword">iSeries</span> A
to use when performing EIM operations? This is the system user.</td>
<td valign="top" width="41.41414141414141%"> </td>
</tr>
<tr><td colspan="2" valign="top">After you complete the EIM Configuration
wizard, use the following information to complete the remaining steps required
for configuring single signon:</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">What is the <span class="keyword">i5/OS</span> user
profile name for the user?</td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">What is the name of the EIM identifier that you want
to create?</td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">What kinds of associations do you want to create? </td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">What is the name of the user registry that contains
the Kerberos principal for which you are creating the source association?</td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">What is the name of the user registry that contains
the <span class="keyword">i5/OS</span> user profile
for which you are creating the target association?</td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
<tr><td valign="top" width="58.58585858585859%">What information do you need to supply to test EIM identity
mapping?</td>
<td valign="top" width="41.41414141414141%">&nbsp;</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamzplan.htm" title="Use this information to learn about planning considerations and tasks for implementing single signon, including software and hardware prerequisites and other requirements. Also, review the single signon planning process to help you plan how best to implement single signon in your enterprise.">Plan</a></div>
</div>
</div>
</body>
</html>