Create host, user, and service principals

Create host principals for your Windows® 2000 and Windows XP workstations. Create user and service principals on your Kerberos server.

This procedure creates the following:
  • Host principals for Windows 2000 and Windows XP workstations
  • User principals on the Kerberos server
  • Service principal on the Kerberos server

To provide interoperability between a Windows 2000 or Windows XP workstation and a Kerberos server in i5/OS™ PASE, you need to add a host principal for the workstation to the Kerberos realm. For users to be authenticated to services in your network, you must add them to the Kerberos server as principals. These user principals are stored on the Kerberos server and are used to validate users on the network. For i5/OS to accept Kerberos tickets, you must also add a service principal to the Kerberos server. Complete the following tasks:

Note: User names, host names, and passwords are used for example purposes only.
  1. In a character-based interface, enter call QP2TERM at the command line. This command opens an interactive shell environment that allows you to work with i5/OS PASE applications.
  2. At the command line, enter export PATH=$PATH:/usr/krb5/sbin. This command adds /usr/krb5/sbin, the directory that contains the Kerberos scripts needed to run the executable files, to your path.
  3. At the command line, enter kadmin -p admin/admin, and press Enter.
  4. Sign in with the administrator's password.
  5. At the kadmin prompt, enter addprinc -pw secret1 host/pc1.myco.com. This command creates a host principal for the PC in your network. Repeat this step for all the PCs in your network.
  6. Enter addprinc -pw secret jonesm. This command creates a principal for your user, Mary Jones. Repeat this step for all of your users.
  7. At the kadmin prompt, enter addprinc -pw iseriesa123 krbsvr400/iseriesa.myco.com. This command creates a service principal for the Kerberos server.
  8. Enter quit to exit the kadmin interface, and press F3 (Exit) to exit the PASE environment.
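
After steps 5 through 7 have been repeated for every PC and user, it is worth confirming that no principal was skipped or mistyped. The following shell functions are an added example, not part of the original procedure or of IBM's code: they compare a principal listing against the hosts, users, and service host you expected to create. The realm name MYCO.COM, the function names, and the sample listing are assumptions made for illustration, and the listing is assumed to contain one principal@REALM entry per line.

```shell
#!/bin/sh
# Added example: check that the principals from steps 5-7 exist.
# REALM is an assumed value; the procedure above does not name the realm.
REALM="MYCO.COM"

# expected_principals "HOSTS" "USERS" SERVICE_HOST
# Prints the full principal names the procedure should have created.
expected_principals() {
    for h in $1; do printf 'host/%s@%s\n' "$h" "$REALM"; done
    for u in $2; do printf '%s@%s\n' "$u" "$REALM"; done
    printf 'krbsvr400/%s@%s\n' "$3" "$REALM"
}

# missing_principals "HOSTS" "USERS" SERVICE_HOST
# Reads a principal listing on stdin (assumed: one principal@REALM per line)
# and prints every expected principal that is absent. The match is on the
# whole line and case-sensitive, because Kerberos principal names are
# case-sensitive: host/PC1.myco.com is not host/pc1.myco.com.
missing_principals() {
    listing=$(cat)
    expected_principals "$1" "$2" "$3" | while IFS= read -r p; do
        printf '%s\n' "$listing" | grep -Fxq -- "$p" || printf '%s\n' "$p"
    done
}

# Constructed sample listing: pc2 and the service principal were never added.
sample_listing() {
    cat <<'EOF'
admin/admin@MYCO.COM
host/pc1.myco.com@MYCO.COM
jonesm@MYCO.COM
kadmin/admin@MYCO.COM
krbtgt/MYCO.COM@MYCO.COM
EOF
}

# Demo run on the constructed sample; prints the two missing principals.
sample_listing | missing_principals "pc1.myco.com pc2.myco.com" "jonesm" "iseriesa.myco.com"
```

To use it against a real realm, save the principal listing from the kadmin interface to a file and feed that file to missing_principals on standard input in place of sample_listing.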