ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzakh_5.4.0.1/rzakhssoscenario_testnas.htm

68 lines
4.8 KiB
HTML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Test network authentication service on iSeries A and iSeries B" />
<meta name="DC.Relation" scheme="URI" content="rzakhscen2.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhssoscenario_createhomedirectorie.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhssoscenario_createeimidentifiers.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzakhssoscenario_testnas" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Test network authentication service on iSeries A and iSeries B</title>
</head>
<body id="rzakhssoscenario_testnas"><a name="rzakhssoscenario_testnas"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Test network authentication service on iSeries A and iSeries B</h1>
<div><div class="section">After you complete the network authentication service configuration
tasks for both of your systems, you need to verify that your configurations
work correctly for both iSeries™ A and iSeries B. You can do this testing by
completing these steps to request a ticket granting ticket for the iSeries A and iSeries B
principals:<div class="note"><span class="notetitle">Note:</span> Ensure that you have created a home directory for your i5/OS™ user
profile before performing this procedure.</div>
</div>
<ol><li class="stepexpand"><span>On a command line, enter <tt>QSH</tt> to start the Qshell Interpreter.</span></li>
<li class="stepexpand"><span>Enter <tt>keytab list</tt> to display a list of principals registered
in the keytab file. </span> In this scenario, krbsvr400/iseriesa.myco.com@MYCO.COM
should display as the principal name for iSeries A.</li>
<li class="stepexpand"><span>Enter <tt>kinit -k krbsvr400/iseriesa.myco.com@MYCO.COM</tt> to
request a ticket-granting ticket from the Kerberos server. </span> By
running this command, you can verify that your iSeries server has been configured properly
and that the password in the keytab file matches the password stored on the
Kerberos server. If this is successful then the kinit command will display
without errors.</li>
<li class="stepexpand"><span>Enter <tt>klist</tt> to verify that the default principal is krbsvr400/iseriesa.myco.com@MYCO.COM. </span> This command displays the contents of a Kerberos credentials cache and
verifies that a valid ticket has been created for the i5/OS service principal and placed within
the credentials cache on the iSeries system.<pre class="screen"> Ticket cache: FILE:/QIBM/USERDATA/OS400/NETWORKAUTHENTICATION/creds/krbcred
Default principal: krbsvr400/iseriesa.myco.com@MYCO.COM
Server: krbtgt/MYCO.COM@MYCO.COM
Valid 200X/06/09-12:08:45 to 20XX/11/05-03:08:45
$ </pre>
</li>
</ol>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakhscen2.htm" title="Use the following scenario to become familiar with the prerequisites and objectives for enabling single signon for i5/OS.">Scenario: Enable single signon for i5/OS</a></div>
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzakhssoscenario_createhomedirectorie.htm">Create home directories on iSeries A and iSeries B</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzakhssoscenario_createeimidentifiers.htm">Create EIM identifiers for two administrators, John Day and Sharon Jones</a></div>
</div>
</div>
</body>
</html>