The following planning work sheets illustrates the type of information you need before you begin using iSeries™ Navigator to propagate the configuration on a model system to target systems.
| Prerequisite work sheet | Answers |
|---|---|
Is your i5/OS™ V5R3 (5722-SS1) or later for the
following systems:
|
Yes |
| Have you applied the latest program temporary fixes (PTFs)? | Yes |
| For iSeries D, is your i5/OS V5R2 (5722-SS1) or later? | Yes |
For iSeries D, have you applied the latest program temporary
fixes (PTFs), including the following:
|
|
Are the following options and licensed products
installed on all your iSeries systems?
|
Yes |
| Is iSeries Access for Windows (5722-XE1) installed on the administrator's PC? | Yes |
Is iSeries Navigator installed on the administrator's
PC?
|
Yes |
Have you installed the latest IBM iSeries Access for Windows service
pack? See iSeries Access for the latest service pack. |
Yes |
| Do you have *SECADM, *ALLOBJ, and *IOSYSCFG special authorities? | Yes |
Do you have one of the following systems
acting as the Kerberos server? If yes, specify which system.
|
Yes, Windows 2000 Server |
| For Windows 2000 Server and Windows Server 2003, do you have Windows Support Tools (which provides the ktpass tool) installed? | Yes |
| Is the iSeries system time within 5 minutes of the system time on the Kerberos server? If not see Synchronize system times. | Yes |
Network Authentication Enablement (5722-NAE) if you are using
V5R4 or later
| Questions | Answers |
|---|---|
| What is the name of the system group? | MyCo system group |
| What systems will be included in this system group? | iSeries B, iSeries C, iSeries D |
| What functions do you plan to propagate to this system group? | Network authentication service |
For which services do you want to create keytab entries?
|
i5/OS Kerberos Authentication |
| What are the service principal names for the iSeries systems to which you want to propagate configuration? | krbsvr400/iseriesa.myco.com@MYCO.COM |
| What are the passwords that are associated with each
of these principals? Note: All passwords are for example purposes only and
should not be used in any actual configuration.
|
The password for the principals for iSeries A, B, and C will be iseriesa123. The password for the principal for iSeries D will be iseriesd123. |
| What is the fully qualified host name for each iSeries server? Note: All
host names are for example purposes only and should not be used in any actual
configuration.
|
iseriesa.myco.com |
| What is the name of the Windows 2000 domain? Note: A Windows 2000
domain is similar to a Kerberos realm. Microsoft Active Directory uses Kerberos
authentication as its default security mechanism.
|
MYCO.COM |
| Questions | Answers |
|---|---|
| What is the name of the Kerberos default realm to which
your iSeries will
belong? Note: A Windows 2000 domain is similar to a Kerberos realm. Microsoft Active
Directory uses Kerberos authentication as its default security mechanism.
|
MYCO.COM |
| Are you using Microsoft Active Directory? | Yes |
| What is the Kerberos server for this Kerberos default realm? What is the port on which the Kerberos server listens? | KDC: kdc1.myco.com Note: This is the default port for
the Kerberos server.
|
| Do you want to configure a password server
for this default realm? If yes, answer the following questions: What is name of the password server for this Kerberos server? |
Yes Password server: kdc1.myco.com Note: This is the default port for
the password server.
|
For which services do you want to create keytab entries?
|
i5/OS Kerberos Authentication |
| What is the password for your i5/OS service
principal(s)? Note: Any and all passwords used within this scenario are for
example purposes only. They should not be used during an actual configuration.
|
iseriesd123 |