Complete the planning work sheets

The following planning work sheets illustrate the type of information you need before you begin configuring network authentication service. All answers on the prerequisite work sheet should be Yes before you proceed with network authentication service setup.

Table 1. Prerequisite work sheet
Questions Answers
Is your i5/OS™ V5R3 or later (5722-SS1)? Yes
Are the following licensed products installed on iSeries™ A:
  • i5/OS Host Servers (5722-SS1 Option 12)
  • Qshell Interpreter (5722-SS1 Option 30)
  • iSeries Access for Windows® (5722-XE1)
  • Network Authentication Enablement (5722-NAE) if you are using V5R4 or later
  • Cryptographic Access Provider (5722-AC3) if you are running V5R3
Yes
Have you installed Windows 2000 on your PCs? Yes
Is iSeries Access for Windows (5722-XE1) installed on the administrator's PC? Yes
Have you installed iSeries Navigator on the administrator's PC? Yes
  • Is the Security subcomponent of iSeries Navigator installed on the administrator's PC? Yes
  • Is the Network subcomponent of iSeries Navigator installed on the administrator's PC? Yes

Have you installed the latest iSeries Access for Windows service pack? See iSeries Access for the latest service pack. Yes
Do you have *SECADM, *ALLOBJ, and *IOSYSCFG special authorities? Yes
Do you have one of the following installed on the secure system that will act as a Kerberos server? If so, which one?
  1. Windows 2000 Server
  2. Windows Server 2003
  3. AIX® Server
  4. i5/OS PASE (V5R3 or later)
  5. zSeries®
Yes, Windows 2000 Server
Are all your PCs in your network configured in a Windows 2000 domain?
Note: A Windows 2000 domain is similar to a Kerberos realm. Microsoft® Active Directory uses Kerberos authentication as its default security mechanism.
Yes
Have you applied the latest program temporary fixes (PTFs)? Yes
Is the iSeries system time within five minutes of the Kerberos server's system time? If not, see Synchronize system times. Yes
Table 2. Network authentication service planning work sheet
Questions Answers
What is the name of the Kerberos default realm to which your iSeries will belong?
Note: A Windows 2000 domain is similar to a Kerberos realm. Microsoft Active Directory uses Kerberos authentication as its default security mechanism.
MYCO.COM
Are you using Microsoft Active Directory? Yes
What is the Kerberos server for this Kerberos default realm? What is the port on which the Kerberos server listens?

KDC: kdc1.myco.com
Port: 88

Note: This is the default port for the Kerberos server.
Do you want to configure a password server for this default realm? If yes, answer the following questions:

What is the name of the password server for this Kerberos server?
What is the port on which the password server listens?

Yes

Password server: kdc1.myco.com
Port: 464

Note: This is the default port for the password server.
For which services do you want to create keytab entries?
  • i5/OS Kerberos Authentication
  • LDAP
  • iSeries IBM® HTTP Server
  • iSeries NetServer™
i5/OS Kerberos Authentication
What is the password you want to use for your i5/OS service principal(s)?
Note: Any and all passwords used within this scenario are for example purposes only. They should not be used during an actual configuration.
iseriesa123
Do you want to create a batch file to automate adding the service principals to Microsoft Active Directory? Yes
What are the i5/OS user profile names for John Day and Sharon Jones?

JOHND
SHARONJ