Complete the planning work sheets

Table 1. Prerequisite planning work sheet
Questions Answers
Is your i5/OS™ V5R3 or later (5722-SS1)? Yes
Are the following options and licensed products installed on iSeries™ A:
  • i5/OS Host Servers (5722-SS1 Option 12)
  • i5/OS PASE (5722-SS1 Option 33)
  • Qshell Interpreter (5722-SS1 Option 30)
  • Start of changeNetwork Authentication Enablement (5722-NAE) if you are using V5R4 or laterEnd of change
  • Start of changeCryptographic Access Provider (5722-AC3) if you are running V5R3End of change
  • iSeries Access for Windows® (5722-XE1)
 Yes
Have you installed Windows 2000 or Windows XP on all of your PCs? Yes
Have you installed Windows 2000 Support Tools (which provides the ksetup command) on all of your PCs? Yes
Is iSeries Access for Windows (5722-XE1) installed on the administrator's PC? Yes
Have you installed iSeries Navigator on the administrator's PC?
  • Is the Security subcomponent of iSeries Navigator installed on the administrator's PC?
  • Is the Network subcomponent of iSeries Navigator installed on the administrator's PC?

Yes
Yes
Yes
Have you installed the latest iSeries Access for Windows service pack? See iSeries Accesslink outside the Information Center for the latest service pack. Yes
Do you have *SECADM, *ALLOBJ, and *IOSYSCFG special authorities? You must have these special authorities to use the Network Authentication Service wizard for this scenario. Yes
Do you have your DNS configured and the correct host names for your iSeries and Kerberos server? Yes
On which operating system do you want to configure the Kerberos server?
  1. Windows 2000 Server
  2. Windows Server 2003
  3. AIX® Server
  4. i5/OS PASE (V5R3 or later)
  5. zSeries®
 i5/OS PASE
Have you applied the latest program temporary fixes (PTFs)? Yes
Is the iSeries system time within five minutes of the Kerberos server's system time? If not see Synchronize system times. Yes
For this scenario, you must specify a number of different passwords. The following planning worksheet provides a list of the passwords you need to use for this scenario. Refer to this table as you perform the configuration steps for setting up the Kerberos server in i5/OS PASE.
Note: Any and all passwords specified in this scenario are for example purposes only. To prevent a compromise to your system or network security, you should never use these passwords as part of your own configuration.
Table 2. Password planning work sheet
Entity Password
i5/OS PASE administrator: admin/admin
Note: i5/OS PASE specifies admin/admin as the default user name for the administrator.
 secret
i5/OS PASE Database Master pasepwd
Windows 2000 workstations:
  • pc1.myco.com (John Day's PC)
  • pc2.myco.com (Karen Jones' PC)

secret1
secret2
Kerberos user principals:
  • day@MYCO.COM
  • jones@MYCO.COM

123day
123jones

i5/OS service principal for iSeries A:
krbsvr400/iseriesa.myco.com@MYCO.COM

 iseriesa123

The following planning work sheet illustrates the type of information you need before you begin configuring the Kerberos server in i5/OS PASE and network authentication service. All answers on the prerequisite work sheet and password planning work sheet should be answered before you proceed with configuring the Kerberos server in i5/OS PASE.

Table 3. Planning work sheet for configuring a Kerberos server in i5/OS PASE and configuring network authentication service
Questions Answers
What is the name of the Kerberos default realm? MYCO.COM
Is this default realm located on Microsoft® Active Directory? No
What is the Kerberos server, also known as a key distribution center (KDC), for this Kerberos default realm? What is the port on which the Kerberos server listens?

KDC: kdc1.myco.com
Port: 88

Note: This is the default port for the Kerberos server.
Do you want to configure a password server for this default realm? No
Note: Currently password servers are not supported by i5/OS PASE or AIX.
For which services do you want to create keytab entries?
  • i5/OS Kerberos Authentication
  • LDAP
  • iSeries IBM® HTTP Server
  • iSeries NetServer™
 i5/OS Kerberos Authentication
Do you want to create a batch file to automate adding the service principals to Microsoft Active Directory? Not applicable
What is the default user name for the i5/OS PASE administrator?

What is the password you want to specify for the i5/OS PASE administrator?

Note: Any and all passwords specified in this scenario are for example purposes only. To prevent a compromise to your system or network security, you should never use these passwords as part of your own configuration.

User name: admin/admin
Password: secret
What is the naming convention for your principals that represent users in your network? Principals that represent users will be lowercase family name followed by the uppercase realm name
What are the Kerberos user principal names for these users:
  • John Day
  • Karen Jones

day@MYCO.COM
jones@MYCO.COM
What are the i5/OS user profile names for these users:
  • John Day
  • Karen Jones

JOHND
KARENJ
What are the Windows 2000 user names for these users:
  • John Day
  • Karen Jones

johnday
karenjones
What are the host names for these Windows 2000 workstations:
  • John Day's PC
  • Karen Jones' PC

pc1.myco.com
pc2.myco.com
What is the name of the i5/OS service principal for iSeries A? krbsvr400/iseriesa.myco.com@MYCO.COM
Note: The name of this service principal is for example purposes only. In your configuration, specify the host name and domain of your i5/OS system in the name of the service principal.
Parent topic: Scenario: Set up Kerberos server in i5/OS PASE
Next topic: Configure Kerberos server in i5/OS PASE