<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html lang="en-us" xml:lang="en-us"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="security" content="public" /> <meta name="Robots" content="index,follow" /> <meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' /> <meta name="DC.Type" content="concept" /> <meta name="DC.Title" content="Plan network authentication service" /> <meta name="abstract" content="Before implementing network authentication service or a Kerberos solution on your network it is essential to complete the necessary planning tasks." /> <meta name="description" content="Before implementing network authentication service or a Kerberos solution on your network it is essential to complete the necessary planning tasks." /> <meta name="DC.Relation" scheme="URI" content="rzakh000.htm" /> <meta name="DC.Relation" scheme="URI" content="rzakhpkdc.htm" /> <meta name="DC.Relation" scheme="URI" content="rzakhprealm.htm" /> <meta name="DC.Relation" scheme="URI" content="rzakhpprin.htm" /> <meta name="DC.Relation" scheme="URI" content="rzakhpdns.htm" /> <meta name="DC.Relation" scheme="URI" content="rzakhplanwrkshts.htm" /> <meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" /> <meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" /> <meta name="DC.Format" content="XHTML" /> <meta name="DC.Identifier" content="rzakhplan" /> <meta name="DC.Language" content="en-us" /> <!-- All rights reserved. Licensed Materials Property of IBM --> <!-- US Government Users Restricted Rights --> <!-- Use, duplication or disclosure restricted by --> <!-- GSA ADP Schedule Contract with IBM Corp. --> <link rel="stylesheet" type="text/css" href="./ibmdita.css" /> <link rel="stylesheet" type="text/css" href="./ic.css" /> <title>Plan network authentication service</title> </head> <body id="rzakhplan"><a name="rzakhplan"><!-- --></a> <!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script> <h1 class="topictitle1">Plan network authentication service</h1> <div><p>Before implementing network authentication service or a Kerberos solution on your network it is essential to complete the necessary planning tasks. </p> <div class="p">To plan network authentication service and a Kerberos implementation, you will need to gather the appropriate information about the systems and users on your network. Several planning work sheets have been provided to help you to configure network authentication service in your network.<div class="note"><span class="notetitle">Note:</span> Many different Kerberos authentication solutions exist and can be used in your enterprise. This information will focus on planning an iSeries™ implementation and considerations when using network authentication service with a Kerberos server configured in Microsoft<sup>®</sup> Windows<sup>®</sup> Active Directory or i5/OS™ PASE.</div> </div> <p>For information about setting up a Kerberos server in Microsoft Windows Active Directory, see <a href="http://www.microsoft.com/windows2000/en/server/help/" target="_blank">Microsoft Windows 2000 help</a><img src="www.gif" alt="Link outside the Information center" /></p> <div class="p">The following IBM<sup>®</sup> <img src="eserver.gif" alt="IBM e(logo) server" /> platforms support Kerberos authentication. For information about platform-specific Kerberos implementation see the following sources:<ul><li><strong>pSeries<sup>®</sup></strong><ul><li><cite>IBM Network Authentication Service AIX<sup>®</sup>, Linux<sup>®</sup>, and Solaris Administrator's and User's Guide</cite>.</li> <li><cite>IBM Network Authentication Service AIX, Linux, and Solaris Application Development Reference</cite>.<div class="note"><span class="notetitle">Note:</span> You can find this documentation in the <a href="http://www-1.ibm.com/servers/aix/products/bonuspack/aix5l/details.html" target="_blank">AIX 5L™ Expansion Pack and Bonus Pack</a> CD. <img src="www.gif" alt="Link outside the Information center" /></div> </li> </ul> </li> <li><strong>zSeries<sup>®</sup></strong><ul><li><a href="http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/download/euvb3a20.pdf?ACTION=SAVE&DT=20020715121400" target="_blank">z/OS<sup>®</sup> Security Server Network Authentication Service</a><img src="www.gif" alt="Link outside the Information center" /></li> </ul> </li> </ul> </div> <p>Use these tasks to help you plan network authentication service.</p> </div> <div> <ol> <li class="olchildlink"><a href="rzakhpkdc.htm">Plan a Kerberos server</a><br /> Plan for a Kerberos server based on your operating system.</li> <li class="olchildlink"><a href="rzakhprealm.htm">Plan realms</a><br /> Understanding your enterprise can help you plan for realms in your environment.</li> <li class="olchildlink"><a href="rzakhpprin.htm">Plan principal names</a><br /> Plan for principal names in your Kerberos network.</li> <li class="olchildlink"><a href="rzakhpdns.htm">Host name resolution considerations</a><br /> Ensure that Kerberos authentication and host name resolution work properly with your Kerberos enabled applications by verifying that your PCs and your iSeries servers resolve the same host name for the system on which the service application resides. </li> <li class="olchildlink"><a href="rzakhplanwrkshts.htm">Network authentication service planning work sheets</a><br /> To successfully configure network authentication service, you must understand the requirements and complete the necessary planning steps.</li> </ol> <div class="familylinks"> <div class="parentlink"><strong>Parent topic:</strong> <a href="rzakh000.htm" title="Network authentication service allows the iSeries server and several iSeries services, such as iSeries eServer Access for Windows, to use a Kerberos ticket as an optional replacement for a user name and password for authentication.">Network authentication service</a></div> </div> </div> </body> </html>