friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14ed2849c6
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzakh_5.4.0.1/rzakhcrossscenario_completeplanningworksheets.htm

205 lines
10 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Complete the planning work sheets" />
<meta name="DC.Relation" scheme="URI" content="rzakhscencross.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhcrossscenario_ensurekerberosiseriesbstarted.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzakhcrossscenario_completeplanningworksheets" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Complete the planning work sheets</title>
</head>
<body id="rzakhcrossscenario_completeplanningworksheets"><a name="rzakhcrossscenario_completeplanningworksheets"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Complete the planning work sheets</h1>
<div><p>The following planning work sheet contains information that you need to
complete before completing these scenario tasks. The following planning work
sheet illustrates the type of information you need before you begin setting
up cross realm trust. </p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 1. Prerequisite planning work sheet</caption><thead align="left"><tr><th valign="top" width="75%" id="d0e20">Questions</th>
<th valign="top" width="25%" id="d0e22">Answers </th>
</tr>
</thead>
<tbody><tr><td align="left" valign="top" width="75%" headers="d0e20 ">Is your i5/OS™ V5R3 or later (5722-SS1)?</td>
<td align="left" valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td valign="top" width="75%" headers="d0e20 ">Are the following options and licensed products installed
on iSeries™ A: <ul><li>i5/OS Host
Servers (5722-SS1 Option 12)</li>
<li>iSeries Access
for Windows<sup>®</sup> (5722-XE1)</li>
<li><img src="./delta.gif" alt="Start of change" />Network Authentication Enablement (5722-NAE) if you are using
V5R4 or later<img src="./deltaend.gif" alt="End of change" /></li>
<li><img src="./delta.gif" alt="Start of change" />Cryptographic Access Provider (5722-AC3) if you are running
V5R3<img src="./deltaend.gif" alt="End of change" /></li>
</ul>
</td>
<td valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="75%" headers="d0e20 ">Are the following licensed products installed
on iSeries B:<ul><li>iSeries Access
for Windows (5722-XE1)</li>
<li><img src="./delta.gif" alt="Start of change" />Network Authentication Enablement (5722-NAE) if you are using
V5R4 or later<img src="./deltaend.gif" alt="End of change" /></li>
<li><img src="./delta.gif" alt="Start of change" />Cryptographic Access Provider (5722-AC3) if you are running
V5R3<img src="./deltaend.gif" alt="End of change" /></li>
<li>i5/OS PASE
(5722-SS1 Option 33)</li>
</ul>
</td>
<td align="left" valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td valign="top" width="75%" headers="d0e20 ">Have you installed Windows 2000 on all of your PCs?</td>
<td valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="75%" headers="d0e20 ">Is iSeries Access for Windows (5722-XE1)
installed on the PC used to administer network authentication service?</td>
<td align="left" valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td valign="top" width="75%" headers="d0e20 ">Have you installed iSeries Navigator and the following subcomponents
on the PC used to administer network authentication service?<ul><li>Security</li>
<li>Network</li>
</ul>
</td>
<td valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td valign="top" width="75%" headers="d0e20 ">Have you installed the latest iSeries Access for Windows service
pack? See <a href="http://www-1.ibm.com/servers/eserver/iseries/access/casp.htm" target="_blank">iSeries Access</a><img src="www.gif" alt="link outside the Information Center" /> for the
latest service pack.</td>
<td valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="75%" headers="d0e20 ">Do you have *ALLOBJ special authority on
the iSeries servers? </td>
<td align="left" valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td valign="top" width="75%" headers="d0e20 ">Do you have administrative authorities on the Windows 2000
server?</td>
<td valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td valign="top" width="75%" headers="d0e20 ">Do you have your DNS configured and the correct host
names for your iSeries and
Kerberos server?</td>
<td valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="75%" headers="d0e20 ">On which operating system do you want to
configure the Kerberos server?<ol><li>Windows <sup>(R)</sup> 2000
Server</li>
<li>Windows Server
2003</li>
<li>AIX<sup>®</sup> Server</li>
<li>i5/OS PASE
(V5R3 or later)</li>
<li>zSeries<sup>®</sup></li>
</ol>
</td>
<td align="left" valign="top" width="25%" headers="d0e22 ">i5/OS PASE</td>
</tr>
<tr><td align="left" valign="top" width="75%" headers="d0e20 ">Have you applied the latest program temporary
fixes (PTFs)?</td>
<td align="left" valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="75%" headers="d0e20 ">Is the iSeries system time within five minutes
of the Kerberos server's system time? If not see <a href="rzakhsync.htm">Synchronize
system times</a>.</td>
<td align="left" valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
</tbody>
</table>
</div>
<p>The following planning work sheet illustrates the type of information you
need before you begin setting up cross realm trust.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 2. Planning work sheet for cross realm
trust</caption><thead align="left"><tr class="tablemainheaderbar"><th valign="top" width="48.717948717948715%" id="d0e210">Planning work sheet for cross realm trust</th>
<th align="left" valign="top" width="51.28205128205128%" id="d0e212">Answers </th>
</tr>
</thead>
<tbody><tr><td valign="top" width="48.717948717948715%" headers="d0e210 ">What are the names of the realms for which you want
to establish a trusted relationship?<ul><li>The Kerberos realm using the Windows 2000 server as its Kerberos
server</li>
<li>The Kerberos realm using iSeries B as its Kerberos server (configured in i5/OS PASE)</li>
</ul>
<p></p>
</td>
<td align="left" valign="top" width="51.28205128205128%" headers="d0e212 "><p>ORDEPT.MYCO.COM<br />
SHIPDEPT.MYCO.COM</p>
</td>
</tr>
<tr><td valign="top" width="48.717948717948715%" headers="d0e210 ">Have all i5/OS service principals and user principals
been added to their respective Kerberos servers?</td>
<td align="left" valign="top" width="51.28205128205128%" headers="d0e212 ">Yes</td>
</tr>
<tr><td valign="top" width="48.717948717948715%" headers="d0e210 ">What is the default user name for the i5/OS PASE administrator?<p>What
is the password you want to specify for the i5/OS PASE administrator?</p>
<div class="note"><span class="notetitle">Note:</span> This
must be the same password you used when you created the Kerberos server in i5/OS PASE.
Any and all passwords specified in this scenario are for example purposes
only. To prevent a compromise to your system or network security, you should
never use these passwords as part of your own configuration.</div>
</td>
<td align="left" valign="top" width="51.28205128205128%" headers="d0e212 "><p>User name: admin/admin<br />
Password: secret</p>
</td>
</tr>
<tr><td valign="top" width="48.717948717948715%" headers="d0e210 ">What are the names of the principals that will be used
to set up cross realm trust? <p>What is the password for each of these principals?</p>
<div class="note"><span class="notetitle">Note:</span> Any
and all passwords specified in this scenario are for example purposes only.
To prevent a compromise to your system or network security, you should never
use these passwords as part of your own configuration.</div>
</td>
<td align="left" valign="top" width="51.28205128205128%" headers="d0e212 "><p>Principal: <br />
krbtgt/SHIPDEPT.MYCO.COM@ORDEPT.MYCO.COM<br />
<br />
Password: shipord1<br />
</p>
<p>Principal: <br />
krbtgt/ORDEPT.MYCO.COM@SHIPDEPT.MYCO<br />
.COM<br />
<br />
Password: shipord2</p>
<p></p>
</td>
</tr>
<tr><td valign="top" width="48.717948717948715%" headers="d0e210 ">What are the fully qualified host names for each of
the Kerberos servers for these realms?<ul><li>ORDEPT.MYCO.COM</li>
<li>SHIPDEPT.MYCO.COM</li>
</ul>
</td>
<td align="left" valign="top" width="51.28205128205128%" headers="d0e212 "><p>kdc1.ordept.myco.com <br />
iseriesb.shipdept.myco.com</p>
</td>
</tr>
<tr><td valign="top" width="48.717948717948715%" headers="d0e210 ">Are the system times for all systems within five minutes
of one another? If not see <a href="rzakhsync.htm">Synchronize system
times</a>.</td>
<td align="left" valign="top" width="51.28205128205128%" headers="d0e212 ">Yes</td>
</tr>
</tbody>
</table>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakhscencross.htm" title="Use the following scenario to become familiar with the prerequisites and objectives of setting up cross realm trust on your network.">Scenario: Set up cross realm trust</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzakhcrossscenario_ensurekerberosiseriesbstarted.htm">Ensure that the Kerberos server in i5/OS PASE on iSeries B has started</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink