Complete the planning work sheets

The following planning work sheet contains information that you need to complete before you begin these scenario tasks.

Table 1. Prerequisite planning work sheet
Questions Answers
Is your i5/OS™ V5R3 or later (5722-SS1)? Yes
Are the following options and licensed products installed on iSeries™ A:
  • i5/OS Host Servers (5722-SS1 Option 12)
  • iSeries Access for Windows® (5722-XE1)
  • Network Authentication Enablement (5722-NAE) if you are using V5R4 or later
  • Cryptographic Access Provider (5722-AC3) if you are running V5R3
Yes
Are the following licensed products installed on iSeries B:
  • iSeries Access for Windows (5722-XE1)
  • Network Authentication Enablement (5722-NAE) if you are using V5R4 or later
  • Cryptographic Access Provider (5722-AC3) if you are running V5R3
  • i5/OS PASE (5722-SS1 Option 33)
Yes
Have you installed Windows 2000 on all of your PCs? Yes
Is iSeries Access for Windows (5722-XE1) installed on the PC used to administer network authentication service? Yes
Have you installed iSeries Navigator and the following subcomponents on the PC used to administer network authentication service?
  • Security
  • Network
Yes
Have you installed the latest iSeries Access for Windows service pack? See iSeries Access for the latest service pack. Yes
Do you have *ALLOBJ special authority on the iSeries servers? Yes
Do you have administrative authorities on the Windows 2000 server? Yes
Do you have your DNS configured and the correct host names for your iSeries and Kerberos server? Yes
On which operating system do you want to configure the Kerberos server?
  1. Windows® 2000 Server
  2. Windows Server 2003
  3. AIX® Server
  4. i5/OS PASE (V5R3 or later)
  5. zSeries®
i5/OS PASE
Have you applied the latest program temporary fixes (PTFs)? Yes
Is the iSeries system time within five minutes of the Kerberos server's system time? If not, see Synchronize system times. Yes

The following planning work sheet illustrates the type of information you need before you begin setting up cross realm trust.

Table 2. Planning work sheet for cross realm trust
Planning work sheet for cross realm trust Answers
What are the names of the realms for which you want to establish a trusted relationship?
  • The Kerberos realm using the Windows 2000 server as its Kerberos server
  • The Kerberos realm using iSeries B as its Kerberos server (configured in i5/OS PASE)

ORDEPT.MYCO.COM
SHIPDEPT.MYCO.COM

Have all i5/OS service principals and user principals been added to their respective Kerberos servers? Yes
What is the default user name for the i5/OS PASE administrator?

What is the password you want to specify for the i5/OS PASE administrator?

Note: This must be the same password you used when you created the Kerberos server in i5/OS PASE. Any and all passwords specified in this scenario are for example purposes only. To prevent a compromise to your system or network security, you should never use these passwords as part of your own configuration.

User name: admin/admin
Password: secret

What are the names of the principals that will be used to set up cross realm trust?

What is the password for each of these principals?

Note: Any and all passwords specified in this scenario are for example purposes only. To prevent a compromise to your system or network security, you should never use these passwords as part of your own configuration.

Principal:
krbtgt/SHIPDEPT.MYCO.COM@ORDEPT.MYCO.COM

Password: shipord1

Principal:
krbtgt/ORDEPT.MYCO.COM@SHIPDEPT.MYCO.COM

Password: shipord2

What are the fully qualified host names for each of the Kerberos servers for these realms?
  • ORDEPT.MYCO.COM
  • SHIPDEPT.MYCO.COM

kdc1.ordept.myco.com
iseriesb.shipdept.myco.com

Are the system times for all systems within five minutes of one another? If not, see Synchronize system times. Yes