friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6290434003
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzakh_5.4.0.1/rzakhssoscenario_completeplanningworksheets.htm

506 lines
30 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Complete the planning work sheets" />
<meta name="DC.Relation" scheme="URI" content="rzakhscen2.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhssoscenario_createassoconfiguration.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzakhssoscenario_completeplanningworksheets" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Complete the planning work sheets</title>
</head>
<body id="rzakhssoscenario_completeplanningworksheets"><a name="rzakhssoscenario_completeplanningworksheets"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Complete the planning work sheets</h1>
<div><p>The following planning work sheets are tailored to fit this scenario based
on the general single signon <a href="../rzamz/rzamzssoplanworksheet.htm">planning worksheets</a>. These planning work sheets demonstrate
the information that you need to gather and the decisions you need to make
as you prepare to configure the single signon function described by this scenario.
To ensure a successful implementation, you must be able to answer Yes to all
prerequisite items in the work sheet and you should gather all the information
necessary to complete the work sheets before you perform any configuration
tasks.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 1. Single signon prerequisite work
sheet</caption><thead align="left"><tr><th valign="top" width="60%" id="d0e23">Prerequisite work sheet</th>
<th valign="top" width="40%" id="d0e25">Answers </th>
</tr>
</thead>
<tbody><tr><td align="left" valign="top" width="60%" headers="d0e23 ">Is your i5/OS™ V5R3 (5722-SS1) or later?</td>
<td align="left" valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="60%" headers="d0e23 ">Are the following options and licensed products
installed on iSeries™ A
and iSeries B?<ul><li>i5/OS Host
Servers (5722-SS1 Option 12)</li>
<li>Qshell Interpreter (5722-SS1 Option 30)</li>
<li>iSeries Access
for Windows<sup>®</sup> (5722-XE1)</li>
<li><img src="./delta.gif" alt="Start of change" />Network Authentication Enablement (5722-NAE) if you are using
V5R4 or later<img src="./deltaend.gif" alt="End of change" /></li>
<li><img src="./delta.gif" alt="Start of change" />Cryptographic Access Provider (5722-AC3) if you are running
V5R3<img src="./deltaend.gif" alt="End of change" /></li>
</ul>
</td>
<td align="left" valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="60%" headers="d0e23 ">Have you installed an application that is
enabled for single signon on each of the PCs that will participate in the
single signon environment? <div class="note"><span class="notetitle">Note:</span> For this scenario, all of the participating
PCs have iSeries Access
for Windows (5722-XE1)
installed.</div>
</td>
<td align="left" valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="60%" headers="d0e23 ">Is iSeries Navigator installed on the administrator's
PC?<ul><li>Is the Network subcomponent of iSeries Navigator installed on the PC
used to administer single signon?</li>
<li>Is the Security subcomponent of iSeries Navigator installed on the PC
used to administer single signon?</li>
<li>Is the Users and Groups subcomponent of iSeries Navigator installed on the PC
used to administer single signon?</li>
</ul>
</td>
<td align="left" valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
<tr><td valign="top" width="60%" headers="d0e23 ">Have you installed the latest IBM<img src="eserver.gif" alt="e(logo) server" /> iSeries Access for Window service pack?
See the <a href="http://www-1.ibm.com/servers/eserver/iseries/access/casp.htm" target="_blank">iSeries Access
web page</a><img src="www.gif" alt="link outside the Information Center" /> for the latest service pack.</td>
<td valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="60%" headers="d0e23 ">Does the single signon administrator have
*SECADM, *ALLOBJ, and *IOSYSCFG special authorities?</td>
<td align="left" valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="60%" headers="d0e23 ">Do you have one of the following systems
acting as the Kerberos server (also known as the KDC)? If yes, specify which
system.<ol><li>Microsoft<sup>®</sup> Windows 2000
Server<div class="note"><span class="notetitle">Note:</span> Microsoft Windows 2000 Server uses Kerberos authentication
as its default security mechanism. </div>
</li>
<li>Windows Server
2003</li>
<li>i5/OS PASE
(V5R3 or later)</li>
<li>AIX<sup>®</sup> server</li>
<li>zSeries<sup>®</sup></li>
</ol>
</td>
<td align="left" valign="top" width="40%" headers="d0e25 ">Yes, Windows 2000 Server</td>
</tr>
<tr><td align="left" valign="top" width="60%" headers="d0e23 ">Are all your PCs in your network configured
in a Windows 2000
domain?</td>
<td align="left" valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="60%" headers="d0e23 ">Have you applied the latest program temporary
fixes (PTFs)?</td>
<td align="left" valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="60%" headers="d0e23 ">Is the iSeries system time within 5 minutes
of the system time on the Kerberos server? If not see <a href="rzakhsync.htm#rzakhsync">Synchronize system times</a>.</td>
<td align="left" valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
</tbody>
</table>
</div>
<p>You need this information to configure EIM and network authentication service
on iSeries A</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 2. Single signon configuration planning
work sheet for iSeries A</caption><thead align="left"><tr><th align="left" valign="top" width="58.58585858585859%" id="d0e202">Configuration planning work sheet for iSeries A</th>
<th align="left" valign="top" width="41.41414141414141%" id="d0e207">Answers</th>
</tr>
</thead>
<tbody><tr><td colspan="2" valign="top" headers="d0e202 d0e207 ">Use the following information to complete
the EIM Configuration wizard. The information in this work sheet correlates
with the information you need to supply for each page in the wizard:</td>
</tr>
<tr><td valign="top" width="58.58585858585859%" headers="d0e202 ">How do you want to configure EIM for your system?<ul><li>Join an existing domain</li>
<li>Create and join a new domain</li>
</ul>
</td>
<td valign="top" width="41.41414141414141%" headers="d0e207 ">Create and join a new domain</td>
</tr>
<tr><td valign="top" width="58.58585858585859%" headers="d0e202 ">Where do you want to configure the EIM domain?</td>
<td valign="top" width="41.41414141414141%" headers="d0e207 ">On the local directory server<div class="note"><span class="notetitle">Note:</span> This will configure
the directory server on the same system on which you are currently configuring
EIM.</div>
</td>
</tr>
<tr><td valign="top" width="58.58585858585859%" headers="d0e202 ">Do you want to configure network authentication service?<div class="note"><span class="notetitle">Note:</span> You
must configure network authentication service to configure single signon.</div>
</td>
<td valign="top" width="41.41414141414141%" headers="d0e207 ">Yes</td>
</tr>
<tr><td colspan="2" valign="top" headers="d0e202 d0e207 ">The Network Authentication Service wizard
starts from the EIM Configuration wizard. Use the following information to
complete the Network Authentication Service wizard.</td>
</tr>
<tr><td valign="top" width="58.58585858585859%" headers="d0e202 ">What is the name of the Kerberos default realm to which
your iSeries will
belong?<div class="note"><span class="notetitle">Note:</span> A Windows 2000 domain is similar to a Kerberos realm. Microsoft Windows Active
Directory uses Kerberos authentication as its default security mechanism.</div>
</td>
<td valign="top" width="41.41414141414141%" headers="d0e207 "><tt>MYCO.COM</tt></td>
</tr>
<tr><td valign="top" width="58.58585858585859%" headers="d0e202 ">Are you using Microsoft Active Directory?</td>
<td valign="top" width="41.41414141414141%" headers="d0e207 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="58.58585858585859%" headers="d0e202 ">What is the Kerberos server, also known as
a key distribution center (KDC), for this Kerberos default realm? What is
the port on which the Kerberos server listens?</td>
<td align="left" valign="top" width="41.41414141414141%" headers="d0e207 "><p><span class="uicontrol">KDC:</span> <tt>kdc1.myco.com</tt><br />
<span class="uicontrol">Port:</span> <tt>88</tt> </p>
<div class="note"><span class="notetitle">Note:</span> This is the default
port for the Kerberos server.</div>
</td>
</tr>
<tr><td align="left" valign="top" width="58.58585858585859%" headers="d0e202 ">Do you want to configure a password server
for this default realm? If yes, answer the following questions: <p>What is name of the password server for this Kerberos server?<br />
What is the port on which the password server listens?</p>
</td>
<td align="left" valign="top" width="41.41414141414141%" headers="d0e207 ">Yes <p><span class="uicontrol">Password server:</span> <tt>kdc1.myco.com</tt> <br />
<span class="uicontrol">Port:</span> <tt>464</tt> </p>
<div class="note"><span class="notetitle">Note:</span> This is the default
port for the password server.</div>
</td>
</tr>
<tr><td valign="top" width="58.58585858585859%" headers="d0e202 ">For which services do you want to create keytab entries?<ul><li>i5/OS Kerberos
Authentication</li>
<li>LDAP</li>
<li>iSeries IBM<sup>®</sup> HTTP
Server</li>
<li>iSeries NetServer™</li>
</ul>
</td>
<td valign="top" width="41.41414141414141%" headers="d0e207 ">i5/OS Kerberos Authentication</td>
</tr>
<tr><td align="left" valign="top" width="58.58585858585859%" headers="d0e202 ">What is the password for your service principal
or principals? </td>
<td align="left" valign="top" width="41.41414141414141%" headers="d0e207 "><tt>iseriesa123 </tt> <div class="note"><span class="notetitle">Note:</span> Any and all passwords
specified in this scenario are for example purposes only. To prevent a compromise
to your system or network security, you should never use these passwords as
part of your own configuration.</div>
</td>
</tr>
<tr><td align="left" valign="top" width="58.58585858585859%" headers="d0e202 ">Do you want to create a batch file to automate
adding the service principals for iSeries A to the Kerberos registry?</td>
<td align="left" valign="top" width="41.41414141414141%" headers="d0e207 ">Yes</td>
</tr>
<tr><td valign="top" width="58.58585858585859%" headers="d0e202 ">Do you want to include passwords with the i5/OS service
principals in the batch file?</td>
<td valign="top" width="41.41414141414141%" headers="d0e207 ">Yes</td>
</tr>
<tr><td colspan="2" valign="top" headers="d0e202 d0e207 ">As you exit the Network Authentication
Service wizard, you will return to the EIM Configuration wizard. Use the following
information to complete the EIM Configuration wizard:</td>
</tr>
<tr><td valign="top" width="58.58585858585859%" headers="d0e202 ">Specify user information that the wizard should use
when configuring the directory server. This is the connection user. You must
specify the port number, administrator distinguished name, and a password
for the administrator. <div class="note"><span class="notetitle">Note:</span> Specify the LDAP administrator's distinguished
name (DN) and password to ensure the wizard has enough authority to administer
the EIM domain and the objects in it.</div>
</td>
<td valign="top" width="41.41414141414141%" headers="d0e207 "><p><span class="uicontrol">Port:</span> <tt>389</tt><br />
<span class="uicontrol">Distinguished name:</span> <tt>cn=administrator</tt> <br />
<span class="uicontrol">Password:</span> <tt>mycopwd</tt> </p>
<div class="note"><span class="notetitle">Note:</span> Any and all
passwords specified in this scenario are for example purposes only. To prevent
a compromise to your system or network security, you should never use these
passwords as part of your own configuration.</div>
</td>
</tr>
<tr><td valign="top" width="58.58585858585859%" headers="d0e202 ">What is the name of the EIM domain that you want to
create?</td>
<td valign="top" width="41.41414141414141%" headers="d0e207 "><tt>MyCoEimDomain</tt></td>
</tr>
<tr><td valign="top" width="58.58585858585859%" headers="d0e202 ">Do you want to specify a parent DN for the EIM domain?</td>
<td valign="top" width="41.41414141414141%" headers="d0e207 ">No</td>
</tr>
<tr><td valign="top" width="58.58585858585859%" headers="d0e202 ">Which user registries do you want to add to the EIM
domain?</td>
<td valign="top" width="41.41414141414141%" headers="d0e207 "><p>Local i5/OS--ISERIESA.MYCO.COM<br />
Kerberos--KDC1.MYCO.COM</p>
<div class="note"><span class="notetitle">Note:</span> You should not select <span class="uicontrol">Kerberos
user identities are case sensitive</span> when the wizard presents this
option.</div>
</td>
</tr>
<tr><td valign="top" width="58.58585858585859%" headers="d0e202 ">Which EIM user do you want iSeries A to use when performing EIM
operations? This is the system user.<div class="note"><span class="notetitle">Note:</span> If you have not configured the directory
server before configuring single signon, the only distinguished name (DN)
you can provide for the system user is the LDAP administrator's DN and password.</div>
</td>
<td valign="top" width="41.41414141414141%" headers="d0e207 "><p><span class="uicontrol">User type:</span> <tt>Distinguished name</tt><br />
<span class="uicontrol">Distinguished name:</span> <tt>cn=administrator</tt><br />
<span class="uicontrol">Password:</span> <tt>mycopwd</tt></p>
<div class="note"><span class="notetitle">Note:</span> Any and all
passwords specified in this scenario are for example purposes only. To prevent
a compromise to your system or network security, you should never use these
passwords as part of your own configuration.</div>
</td>
</tr>
</tbody>
</table>
</div>
<p> You need this information to allow iSeries B to participate in the EIM domain
and to configure network authentication service on iSeries B</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 3. Single signon configuration planning
work sheet for iSeries B</caption><thead align="left"><tr><th align="left" valign="top" width="57.73195876288659%" id="d0e464">Configuration planning work sheet for iSeries B</th>
<th align="left" valign="top" width="42.2680412371134%" id="d0e469">Answers</th>
</tr>
</thead>
<tbody><tr><td colspan="2" valign="top" headers="d0e464 d0e469 ">Use the following information to complete
the EIM Configuration wizard for iSeries B:</td>
</tr>
<tr><td valign="top" width="57.73195876288659%" headers="d0e464 ">How do you want to configure EIM on your system?</td>
<td valign="top" width="42.2680412371134%" headers="d0e469 ">Join an existing domain</td>
</tr>
<tr><td valign="top" width="57.73195876288659%" headers="d0e464 ">Do you want to configure network authentication service?<div class="note"><span class="notetitle">Note:</span> You
must configure network authentication service to configure single signon.</div>
</td>
<td valign="top" width="42.2680412371134%" headers="d0e469 ">Yes</td>
</tr>
<tr><td colspan="2" valign="top" headers="d0e464 d0e469 ">The Network Authentication Service wizard
starts from the EIM Configuration wizard. Use the following information to
complete the Network Authentication Service wizard:<div class="note"><span class="notetitle">Note:</span> You can start the
Network Authentication Service wizard independently of the EIM Configuration
wizard.</div>
</td>
</tr>
<tr><td align="left" valign="top" width="57.73195876288659%" headers="d0e464 ">What is the name of the Kerberos default
realm to which your iSeries will belong?<div class="note"><span class="notetitle">Note:</span> A Windows 2000
domain is equivalent to a Kerberos realm. Microsoft Active Directory uses Kerberos
authentication as its default security mechanism.</div>
</td>
<td align="left" valign="top" width="42.2680412371134%" headers="d0e469 "><tt>MYCO.COM</tt></td>
</tr>
<tr><td valign="top" width="57.73195876288659%" headers="d0e464 ">Are you using Microsoft Active Directory?</td>
<td valign="top" width="42.2680412371134%" headers="d0e469 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="57.73195876288659%" headers="d0e464 ">What is the Kerberos server for this Kerberos
default realm? What is the port on which the Kerberos server listens?</td>
<td align="left" valign="top" width="42.2680412371134%" headers="d0e469 "><p><span class="uicontrol">KDC:</span> <tt>kdc1.myco.com</tt><br />
<span class="uicontrol">Port:</span> <tt>88</tt></p>
<div class="note"><span class="notetitle">Note:</span> This is the default
port for the Kerberos server.</div>
</td>
</tr>
<tr><td align="left" valign="top" width="57.73195876288659%" headers="d0e464 ">Do you want to configure a password server
for this default realm? If yes, answer the following questions: <p>What is name of the password server for this Kerberos server?<br />
What is the port on which the password server listens?</p>
</td>
<td align="left" valign="top" width="42.2680412371134%" headers="d0e469 ">Yes <p><span class="uicontrol">Password server:</span> <tt>kdc1.myco.com</tt> <br />
<span class="uicontrol">Port:</span> <tt>464</tt> </p>
<div class="note"><span class="notetitle">Note:</span> This is the default
port for the password server.</div>
</td>
</tr>
<tr><td valign="top" width="57.73195876288659%" headers="d0e464 ">For which services do you want to create keytab entries?<ul><li>i5/OS Kerberos
Authentication</li>
<li>LDAP</li>
<li>iSeries IBM HTTP
Server</li>
<li>iSeries NetServer</li>
</ul>
</td>
<td valign="top" width="42.2680412371134%" headers="d0e469 ">i5/OS Kerberos Authentication</td>
</tr>
<tr><td align="left" valign="top" width="57.73195876288659%" headers="d0e464 ">What is the password for your i5/OS service
principal(s)? </td>
<td align="left" valign="top" width="42.2680412371134%" headers="d0e469 ">iseriesb123 <div class="note"><span class="notetitle">Note:</span> Any and all passwords specified
in this scenario are for example purposes only. To prevent a compromise to
your system or network security, you should never use these passwords as part
of your own configuration.</div>
</td>
</tr>
<tr><td align="left" valign="top" width="57.73195876288659%" headers="d0e464 ">Do you want to create a batch file to automate
adding the service principals for iSeries B to the Kerberos registry?</td>
<td align="left" valign="top" width="42.2680412371134%" headers="d0e469 ">Yes</td>
</tr>
<tr><td valign="top" width="57.73195876288659%" headers="d0e464 ">Do you want to include passwords with the i5/OS service
principals in the batch file?</td>
<td valign="top" width="42.2680412371134%" headers="d0e469 ">Yes</td>
</tr>
<tr><td colspan="2" valign="top" headers="d0e464 d0e469 ">As you exit the Network Authentication
Service wizard, you will return to the EIM Configuration wizard. Use the following
information to complete the EIM Configuration wizard for iSeries B:</td>
</tr>
<tr><td valign="top" width="57.73195876288659%" headers="d0e464 ">What is the name of the EIM domain controller for the
EIM domain that you want to join?</td>
<td valign="top" width="42.2680412371134%" headers="d0e469 ">iseriesa.myco.com</td>
</tr>
<tr><td valign="top" width="57.73195876288659%" headers="d0e464 ">Do you plan on securing the connection with SSL or TLS?</td>
<td valign="top" width="42.2680412371134%" headers="d0e469 ">No</td>
</tr>
<tr><td valign="top" width="57.73195876288659%" headers="d0e464 ">What is the port on which the EIM domain controller
listens?</td>
<td valign="top" width="42.2680412371134%" headers="d0e469 ">389</td>
</tr>
<tr><td valign="top" width="57.73195876288659%" headers="d0e464 ">Which user do you want to use to connect to the domain
controller? This is the connection user.<div class="note"><span class="notetitle">Note:</span> Specify the LDAP administrator's
distinguished name (DN) and password to ensure the wizard has enough authority
to administer the EIM domain and the objects in it.</div>
</td>
<td valign="top" width="42.2680412371134%" headers="d0e469 "><p><span class="uicontrol">User type:</span> <tt>Distinguished name and password</tt><br />
<span class="uicontrol">Distinguished name:</span> <tt>cn=administrator</tt><br />
<span class="uicontrol">Password:</span> <tt>mycopwd</tt></p>
<div class="note"><span class="notetitle">Note:</span> Any and all
passwords specified in this scenario are for example purposes only. To prevent
a compromise to your system or network security, you should never use these
passwords as part of your own configuration.</div>
</td>
</tr>
<tr><td valign="top" width="57.73195876288659%" headers="d0e464 ">What is the name of the EIM domain that you want to
join?</td>
<td valign="top" width="42.2680412371134%" headers="d0e469 "><tt>MyCoEimDomain</tt></td>
</tr>
<tr><td valign="top" width="57.73195876288659%" headers="d0e464 ">Do you want to specify a parent DN for the EIM domain?</td>
<td valign="top" width="42.2680412371134%" headers="d0e469 ">No</td>
</tr>
<tr><td valign="top" width="57.73195876288659%" headers="d0e464 ">What is the name of the user registry that you want
to add to the EIM domain?</td>
<td valign="top" width="42.2680412371134%" headers="d0e469 ">Local i5/OS--ISERIESB.MYCO.COM</td>
</tr>
<tr><td valign="top" width="57.73195876288659%" headers="d0e464 ">Which EIM user do you want iSeries B to use when performing EIM
operations? This is the system user.<div class="note"><span class="notetitle">Note:</span> Earlier in this scenario, you used
the EIM Configuration wizard to configure the directory server on iSeries A.
In doing so, you created a DN and password for the LDAP administrator. This
is currently the only DN defined for the directory server. Therefore, this
is the DN and password you must supply here.</div>
</td>
<td valign="top" width="42.2680412371134%" headers="d0e469 "><p><span class="uicontrol">User type:</span> <tt>Distinguished name and password</tt><br />
<span class="uicontrol">Distinguished name:</span> <tt>cn=administrator</tt><br />
<span class="uicontrol">Password:</span> <tt>mycopwd</tt></p>
<div class="note"><span class="notetitle">Note:</span> Any and all
passwords specified in this scenario are for example purposes only. To prevent
a compromise to your system or network security, you should never use these
passwords as part of your own configuration.</div>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 4. Single signon configuration planning work sheet - user profiles</caption><thead align="left"><tr><th valign="top" id="d0e720">i5/OS user
profile name</th>
<th valign="top" id="d0e724">Password is specified</th>
<th valign="top" id="d0e726">Special authority (Privilege class)</th>
<th valign="top" id="d0e728">System</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e720 ">SYSUSERA</td>
<td valign="top" headers="d0e724 ">No</td>
<td valign="top" headers="d0e726 ">User</td>
<td valign="top" headers="d0e728 ">iSeries A</td>
</tr>
<tr><td valign="top" headers="d0e720 ">SYSUSERB</td>
<td valign="top" headers="d0e724 ">No</td>
<td valign="top" headers="d0e726 ">User</td>
<td valign="top" headers="d0e728 ">iSeries B</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 5. Single signon configuration planning work sheet - EIM domain
data</caption><thead align="left"><tr><th valign="top" width="19.542619542619544%" id="d0e764">Identifier name</th>
<th valign="top" width="29.10602910602911%" id="d0e766">User registry</th>
<th valign="top" width="16.008316008316008%" id="d0e768">User identity</th>
<th valign="top" width="15.384615384615385%" id="d0e770">Association type</th>
<th valign="top" width="19.95841995841996%" id="d0e772">Identifier description</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="19.542619542619544%" headers="d0e764 ">John Day</td>
<td valign="top" width="29.10602910602911%" headers="d0e766 ">MYCO.COM</td>
<td valign="top" width="16.008316008316008%" headers="d0e768 ">jday</td>
<td valign="top" width="15.384615384615385%" headers="d0e770 ">Source</td>
<td valign="top" width="19.95841995841996%" headers="d0e772 ">Kerberos (Windows 2000) login user identity</td>
</tr>
<tr><td valign="top" width="19.542619542619544%" headers="d0e764 ">John Day</td>
<td valign="top" width="29.10602910602911%" headers="d0e766 ">ISERIESA.MYCO.COM</td>
<td valign="top" width="16.008316008316008%" headers="d0e768 ">JOHND</td>
<td valign="top" width="15.384615384615385%" headers="d0e770 ">Target</td>
<td valign="top" width="19.95841995841996%" headers="d0e772 ">i5/OS user profile on iSeries A</td>
</tr>
<tr><td valign="top" width="19.542619542619544%" headers="d0e764 ">John Day</td>
<td valign="top" width="29.10602910602911%" headers="d0e766 ">ISERIESB.MYCO.COM</td>
<td valign="top" width="16.008316008316008%" headers="d0e768 ">DAYJO</td>
<td valign="top" width="15.384615384615385%" headers="d0e770 ">Target</td>
<td valign="top" width="19.95841995841996%" headers="d0e772 ">i5/OS user profile on iSeries B</td>
</tr>
<tr><td valign="top" width="19.542619542619544%" headers="d0e764 ">Sharon Jones</td>
<td valign="top" width="29.10602910602911%" headers="d0e766 ">MYCO.COM</td>
<td valign="top" width="16.008316008316008%" headers="d0e768 ">sjones</td>
<td valign="top" width="15.384615384615385%" headers="d0e770 ">Source</td>
<td valign="top" width="19.95841995841996%" headers="d0e772 ">Kerberos (Windows 2000) login user identity</td>
</tr>
<tr><td valign="top" width="19.542619542619544%" headers="d0e764 ">Sharon Jones</td>
<td valign="top" width="29.10602910602911%" headers="d0e766 ">ISERIESA.MYCO.COM</td>
<td valign="top" width="16.008316008316008%" headers="d0e768 ">SHARONJ</td>
<td valign="top" width="15.384615384615385%" headers="d0e770 ">Target</td>
<td valign="top" width="19.95841995841996%" headers="d0e772 ">i5/OS user profile on iSeries A</td>
</tr>
<tr><td valign="top" width="19.542619542619544%" headers="d0e764 ">Sharon Jones</td>
<td valign="top" width="29.10602910602911%" headers="d0e766 ">ISERIESB.MYCO.COM</td>
<td valign="top" width="16.008316008316008%" headers="d0e768 ">JONESSH</td>
<td valign="top" width="15.384615384615385%" headers="d0e770 ">Target</td>
<td valign="top" width="19.95841995841996%" headers="d0e772 ">i5/OS user profile on iSeries B</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 6. Single signon configuration planning work sheet - EIM domain
data - policy associations</caption><thead align="left"><tr><th valign="top" width="19.715447154471544%" id="d0e878">Policy association type</th>
<th valign="top" width="16.056910569105693%" id="d0e880">Source user registry</th>
<th valign="top" width="28.252032520325205%" id="d0e882">Target user registry</th>
<th valign="top" width="18.089430894308943%" id="d0e884">User identity</th>
<th valign="top" width="17.88617886178862%" id="d0e886">Description</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="19.715447154471544%" headers="d0e878 ">Default registry</td>
<td valign="top" width="16.056910569105693%" headers="d0e880 ">MYCO.COM</td>
<td valign="top" width="28.252032520325205%" headers="d0e882 ">ISERIESA.MYCO.COM</td>
<td valign="top" width="18.089430894308943%" headers="d0e884 ">SYSUSERA</td>
<td valign="top" width="17.88617886178862%" headers="d0e886 ">Maps authenticated Kerberos user to appropriate i5/OS user
profile</td>
</tr>
<tr><td valign="top" width="19.715447154471544%" headers="d0e878 ">Default registry</td>
<td valign="top" width="16.056910569105693%" headers="d0e880 ">MYCO.COM</td>
<td valign="top" width="28.252032520325205%" headers="d0e882 ">ISERIESB.MYCO.COM</td>
<td valign="top" width="18.089430894308943%" headers="d0e884 ">SYSUSERB</td>
<td valign="top" width="17.88617886178862%" headers="d0e886 ">Maps authenticated Kerberos user to appropriate i5/OS user
profile</td>
</tr>
</tbody>
</table>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakhscen2.htm" title="Use the following scenario to become familiar with the prerequisites and objectives for enabling single signon for i5/OS.">Scenario: Enable single signon for i5/OS</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzakhssoscenario_createassoconfiguration.htm">Create a basic single signon configuration for iSeries A</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink