ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamz_5.4.0.1/rzamzconfigurenetworkauthentication.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Configure network authentication service and EIM on the V5R2 or later system, iSeries D" />
<meta name="DC.Relation" scheme="URI" content="rzamzsynchconfig.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzcompletetheconfigurationsfornetwork.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzamzconfigurenetworkauthentication" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Configure network authentication service and EIM on the V5R2 or later
system, iSeries D</title>
</head>
<body id="rzamzconfigurenetworkauthentication"><a name="rzamzconfigurenetworkauthentication"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Configure network authentication service and EIM on the V5R2 or later
system, iSeries D</h1>
<div><div class="section"><p><span class="keyword">iSeries™</span> D is running <span class="keyword">OS/400<sup>®</sup></span> V5R2 and this
release does not support the Synchronize Functions wizard. Therefore, the
configurations on <span class="keyword">iSeries</span> A
cannot be propagated to <span class="keyword">iSeries</span> D.
Instead, you need to use the EIM Configuration wizard and the Network Authentication
Service wizard to manually configure this system, and you need to perform
the additional steps required to allow <span class="keyword">iSeries</span> D
to participate in the single signon environment. </p>
<p>These are the tasks
you need to perform, depending on how you configured single signon on <span class="keyword">iSeries</span> A:</p>
</div>
<ol><li><span>Configure <span class="keyword">iSeries</span> D
to participate in the EIM domain and configure <span class="keyword">iSeries</span> D
for network authentication service using the EIM Configuration wizard and
Network Authentication Service wizard.</span></li>
<li><span>Add <span class="keyword">i5/OS™</span> service
principals to the Kerberos server.</span></li>
<li><span>Create a home directory for each of your users.</span></li>
<li><span>Test network authentication service.</span></li>
<li><span>Create EIM identifiers for your users.</span></li>
<li><span>Create source associations and target associations for the EIM
identifiers.</span></li>
<li><span>(Optional) Create policy associations.</span></li>
<li><span>(Optional) Enable the registries to participate in lookup operations
and to use the policy associations.</span></li>
<li><span>Test the EIM mappings.</span></li>
<li><span>(Optional) Configure <span class="keyword">iSeries Access for Windows<sup>®</sup></span> applications
to use Kerberos.</span></li>
<li><span>Verify network authentication service and EIM configurations.</span></li>
</ol>
<div class="section"><p>You can use the <a href="rzamzenablessoos400.htm">Enable
single signon for i5/OS</a> scenario as a guide as you configure <span class="keyword">iSeries</span> D to match the single signon
configuration on <span class="keyword">iSeries</span> A.
This scenario provides step-by-step instructions for completing all the tasks
required for single signon. Within the <a href="rzamzenablessoos400.htm">Enable single signon for i5/OS</a> scenario, you should follow
the instructions for the system identified as<span class="keyword">iSeries</span> B
because that system joins an existing EIM domain just as <span class="keyword">iSeries</span> D
should join the existing EIM domain in this scenario.</p>
<p>You have completed
the propagation of the network authentication service and EIM configurations
to multiple systems. To configure the Management Central server to take advantage
of a single signon environment, you need to perform some additional tasks.
See <a href="rzamzconfigssomgtcentral.htm">Scenario: Configure the Management
Central server for a single signon environment</a> for details.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamzsynchconfig.htm" title="This scenario demonstrates how to use the Synchronize Functions wizard in iSeries™ Navigator to propagate a single signon configuration across multiple systems in a mixed OS/400® release environment. Administrators can save time by configuring single signon once and propagating that configuration to all of their systems, instead of configuring each system individually.">Scenario: Propagate network authentication service and EIM across multiple systems</a></div>
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzamzcompletetheconfigurationsfornetwork.htm">Complete the configurations for network authentication service and EIM on iSeries B and iSeries C</a></div>
</div>
</div>
</body>
</html>