friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14ed2849c6
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzakh_5.4.0.1/rzakhnasscenario_planningworksheets.htm

188 lines
10 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Complete the planning work sheets" />
<meta name="DC.Relation" scheme="URI" content="rzakhscen1.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhnasscenario_configurenasseriesa.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzakhnasscenario_completetheplanningworksheets" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Complete the planning work sheets</title>
</head>
<body id="rzakhnasscenario_completetheplanningworksheets"><a name="rzakhnasscenario_completetheplanningworksheets"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Complete the planning work sheets</h1>
<div><p>The following planning work sheets illustrate the type of information you
need before you begin configuring network authentication service. All answers
on the prerequisite work sheet should be Yes before you proceed with network
authentication service setup. </p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 1. Prerequisite work sheet</caption><thead align="left"><tr><th valign="top" width="75%" id="d0e20">Questions</th>
<th valign="top" width="25%" id="d0e22">Answers </th>
</tr>
</thead>
<tbody><tr><td align="left" valign="top" width="75%" headers="d0e20 ">Is your i5/OS™ V5R3 or later (5722-SS1)?</td>
<td align="left" valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="75%" headers="d0e20 ">Are the following licensed products installed
on iSeries™ A:<ul><li>i5/OS Host
Servers (5722-SS1 Option 12)</li>
<li>Qshell Interpreter (5722-SS1 Option 30)</li>
<li>iSeries Access
for Windows<sup>®</sup> (5722-XE1)</li>
<li><img src="./delta.gif" alt="Start of change" />Network Authentication Enablement (5722-NAE) if you are using
V5R4 or later<img src="./deltaend.gif" alt="End of change" /></li>
<li><img src="./delta.gif" alt="Start of change" />Cryptographic Access Provider (5722-AC3) if you are running
V5R3<img src="./deltaend.gif" alt="End of change" /></li>
</ul>
</td>
<td align="left" valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td valign="top" width="75%" headers="d0e20 ">Have you installed Windows 2000 on your PCs?</td>
<td valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="75%" headers="d0e20 ">Is iSeries Access for Windows (5722-XE1)
installed on the administrator's PC?</td>
<td align="left" valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="75%" headers="d0e20 ">Have you installed iSeries Navigator on the administrator's
PC?<ul><li>Is the Security subcomponent of iSeries Navigator installed on the administrator's
PC?</li>
<li>Is the Network subcomponent of iSeries Navigator installed on the administrator's
PC?</li>
</ul>
</td>
<td align="left" valign="top" width="25%" headers="d0e22 "><p>Yes<br />
Yes<br />
Yes</p>
</td>
</tr>
<tr><td align="left" valign="top" width="75%" headers="d0e20 ">Have you installed the latest iSeries Access
for Windows service
pack? See <a href="http://www-1.ibm.com/servers/eserver/iseries/access/casp.htm" target="_blank">iSeries Access</a><img src="www.gif" alt="link outside the Information Center" /> for the
latest service pack.</td>
<td align="left" valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="75%" headers="d0e20 ">Do you have *SECADM, *ALLOBJ, and *IOSYSCFG
special authorities?</td>
<td align="left" valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="75%" headers="d0e20 ">Do you have one of the following installed
on the secure system that will act as a Kerberos server? If so which one? <ol><li>Windows 2000
Server</li>
<li>Windows Server
2003</li>
<li>AIX<sup>®</sup> Server</li>
<li>i5/OS PASE
(V5R3 or later)</li>
<li>zSeries<sup>®</sup></li>
</ol>
</td>
<td align="left" valign="top" width="25%" headers="d0e22 ">Yes, Windows 2000 Server</td>
</tr>
<tr><td align="left" valign="top" width="75%" headers="d0e20 ">Are all your PCs in your network configured
in a Windows 2000
domain?<div class="note"><span class="notetitle">Note:</span> A Windows 2000 domain is similar to a Kerberos realm. Microsoft<sup>®</sup> Active
Directory uses Kerberos authentication as its default security mechanism.</div>
</td>
<td align="left" valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="75%" headers="d0e20 ">Have you applied the latest program temporary
fixes (PTFs)?</td>
<td align="left" valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="75%" headers="d0e20 ">Is the iSeries system time within five minutes
of the Kerberos server's system time? If not see <a href="rzakhsync.htm">Synchronize
system times</a>.</td>
<td align="left" valign="top" width="25%" headers="d0e22 ">Yes</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 2. Network authentication service
planning work sheet</caption><thead align="left"><tr><th align="left" valign="top" width="61.855670103092784%" id="d0e188">Questions</th>
<th align="left" valign="top" width="38.144329896907216%" id="d0e190">Answers</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="61.855670103092784%" headers="d0e188 ">What is the name of the Kerberos default realm to which
your iSeries will
belong?<div class="note"><span class="notetitle">Note:</span> A Windows 2000 domain is similar to a Kerberos realm. Microsoft Active
Directory uses Kerberos authentication as its default security mechanism.</div>
</td>
<td valign="top" width="38.144329896907216%" headers="d0e190 ">MYCO.COM</td>
</tr>
<tr><td align="left" valign="top" width="61.855670103092784%" headers="d0e188 ">Are you using Microsoft Active Directory?</td>
<td align="left" valign="top" width="38.144329896907216%" headers="d0e190 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="61.855670103092784%" headers="d0e188 ">What is the Kerberos server for this Kerberos
default realm? What is the port on which the Kerberos server listens?</td>
<td align="left" valign="top" width="38.144329896907216%" headers="d0e190 "><p><strong>KDC:</strong> kdc1.myco.com<br />
<strong>Port:</strong> 88 </p>
<div class="note"><span class="notetitle">Note:</span> This is the default port for the Kerberos server.</div>
</td>
</tr>
<tr><td align="left" valign="top" width="61.855670103092784%" headers="d0e188 ">Do you want to configure a password server
for this default realm? If yes, answer the following questions: <p>What is name of the password server for this Kerberos server?<br />
What is the port on which the password server listens?</p>
</td>
<td align="left" valign="top" width="38.144329896907216%" headers="d0e190 ">Yes <p><strong>Password server:</strong>kdc1.myco.com <br />
<strong>Port:</strong> 464 </p>
<div class="note"><span class="notetitle">Note:</span> This is the default port for the password
server.</div>
</td>
</tr>
<tr><td valign="top" width="61.855670103092784%" headers="d0e188 ">For which services do you want to create keytab entries?<ul><li>i5/OS Kerberos
Authentication</li>
<li>LDAP</li>
<li>iSeries IBM<sup>®</sup> HTTP
Server</li>
<li>iSeries NetServer™</li>
</ul>
</td>
<td valign="top" width="38.144329896907216%" headers="d0e190 ">i5/OS Kerberos Authentication</td>
</tr>
<tr><td align="left" valign="top" width="61.855670103092784%" headers="d0e188 ">What is the password you want to use for
your i5/OS service
principal(s)? <div class="note"><span class="notetitle">Note:</span> Any and all passwords used within this scenario are for
example purposes only. They should not be used during an actual configuration.</div>
</td>
<td align="left" valign="top" width="38.144329896907216%" headers="d0e190 ">iseriesa123 </td>
</tr>
<tr><td valign="top" width="61.855670103092784%" headers="d0e188 ">Do you want to create a batch file to automate adding
the service principals to Microsoft Active Directory?</td>
<td valign="top" width="38.144329896907216%" headers="d0e190 ">Yes</td>
</tr>
<tr><td valign="top" width="61.855670103092784%" headers="d0e188 ">What are the i5/OS user profiles names for John Day
and Sharon Jones?</td>
<td valign="top" width="38.144329896907216%" headers="d0e190 "><p>JOHND<br />
SHARONJ</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakhscen1.htm" title="Use the following scenario to become familiar with the prerequisites and objectives of adding network authentication service to your network.">Scenario: Configure network authentication service</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzakhnasscenario_configurenasseriesa.htm">Configure network authentication service on iSeries A</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink