friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6290434003
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzakh_5.4.0.1/rzakhkkeytab.htm

93 lines
5.6 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Manage keytab files" />
<meta name="abstract" content="Maintain the keytab file using either the character-based interface or iSeries Navigator." />
<meta name="description" content="Maintain the keytab file using either the character-based interface or iSeries Navigator." />
<meta name="DC.Relation" scheme="URI" content="rzakhmanage.htm" />
<meta name="DC.Relation" scheme="URI" content="keytab.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzakhkkeytab" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Manage keytab files</title>
</head>
<body id="rzakhkkeytab"><a name="rzakhkkeytab"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Manage keytab files</h1>
<div><p>Maintain the keytab file using either the character-based interface
or iSeries™ Navigator.</p>
<div class="section">As the network administrator, you need to maintain the keytab file,
also called the key table, and its contents on the iSeries server. You can manage the keytab
file and its associated keytab entries by using either the character-based
interface or iSeries Navigator:</div>
<ul><li class="stepexpand"><span>Manage keytab files using the character-based interface</span> The
keytab command is used to add, delete, or list a key from a key table. For example, to add a key for the service principal, krbsvr400, on
the host, kdc1.myco.com, in realm MYCO.COM:<ul><li>On a Qshell command line, enter <tt>keytab add krbsvr400/kdc1.myco.com@MYCO.COM</tt></li>
</ul>
<ul><li>On an i5/OS™ control
language (CL) command line, enter <tt>call qsys/qkrbkeytab parm('add' 'krbsvr400/kdc1.myco.com@MYCO.COM')</tt></li>
</ul>
You will be prompted for the password that was used when the service
was defined to the Kerberos server.</li>
<li class="stepexpand"><span>Manage keytab files using iSeries Navigator</span> You can
use iSeries Navigator
to add keytab entries to the key table. iSeries Navigator allows you to add keytab
entries for the following services:<ul><li>i5/OS Kerberos
authentication</li>
<li>LDAP</li>
<li>HTTP Server powered by Apache</li>
<li>iSeries NetServer™</li>
</ul>
<p>To add a keytab entry to the keytab file, follow these steps:</p>
<ol><li class="substepexpand"><span>In iSeries Navigator,
expand your <span class="menucascade"><span class="uicontrol">iSeries server</span> &gt; <span class="uicontrol">Security</span></span>.</span></li>
<li class="substepexpand"><span>Right-click <span class="uicontrol">Network Authentication Service</span> and
select <span class="uicontrol">Manage Keytab...</span>. </span> This launches
a portion of the Network Authentication Service wizard that enables you to
add keytab entries.</li>
<li class="substepexpand"><span>On the <span class="uicontrol">Select keytab entries</span> page, select
the types of services for which you want to add keytab entries. For example, i5/OS Kerberos
Authentication. Click <span class="uicontrol">Next</span>.</span></li>
<li class="substepexpand"><span>On the <span class="uicontrol">Create i5/OS keytab entry</span> page,
enter and confirm a password. </span> This password should be the same
password that you use when you add the associated service principal to the
Kerberos server. If you selected any of the other types of services, such
as LDAP, HTTP Server powered by Apache, or iSeries NetServer in Step 3, you will also
see pages that enable you to create keytab entries for each of those services.</li>
<li class="substepexpand"><span>On the <span class="uicontrol">Summary</span> page, view the list of i5/OS services
and service principals that will be added as keytab entries to the keytab
file.</span></li>
</ol>
</li>
</ul>
<div class="section"><p>See the <strong>keytab</strong> usage notes on this Qshell command, for
specifics on its usage and restrictions.</p>
</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="keytab.htm">keytab</a></strong><br />
The Qshell command <span class="cmdname">keytab</span> manages a key table.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakhmanage.htm" title="Manage network authentication service by requesting tickets, working with key table files, and administering host name resolution. You can also work with credentials files and back up configuration files.">Manage network authentication service</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink