Creating host, user, and service principals
Here is the procedure for creating host principals for your Windows® 2000 and Windows XP workstations and for creating user and service principals on your Kerberos server.
To provide interoperability between a Windows 2000 or Windows XP workstation and a Kerberos server in i5/OS® PASE, you need to add a host principal for the workstation to the Kerberos realm.
For users to be authenticated to services in your network, add them to the Kerberos server as principals. These user principals are stored on the Kerberos server and are used to validate users on the network. For i5/OS to accept Kerberos tickets, add it to the Kerberos server as a service principal. Complete the following tasks:
User names, host names, and passwords are used for example purposes only.
- In a character-based interface, enter call QP2TERM at the command line. This command opens an interactive shell environment where you can work with i5/OS PASE applications.
- At the command line, enter export PATH=$PATH:/usr/krb5/sbin. This command adds /usr/krb5/sbin, the directory that holds the Kerberos scripts needed to run the executable files, to the search path.
- At the command line, enter kadmin -p admin/admin, and press Enter.
- Sign in with the administrator's password.
- At the kadmin prompt, enter addprinc -pw secret1 host/pc1.myco.com. This command creates a host principal for the PC in your network. Repeat this step for all the PCs in your network.
- Enter addprinc -pw secret jonesm. This command creates a principal for your user, Mary Jones. Repeat this step for all of your users.
- At the kadmin prompt, enter addprinc -pw systema123 krbsvr400/systema.myco.com. This command creates a service principal for the Kerberos server.
- Enter quit to exit the kadmin interface, and press F3 (Exit) to exit the PASE environment.
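The steps above repeat addprinc for every PC and user. The following shell script is an added example, not part of the original procedure: it builds those addprinc lines from an inventory, rejects malformed names, and gives each principal its own random password in place of the shared example values. The inventory format, the function names, and the naming rule (lowercase letters, digits, hyphens) are assumptions.

```shell
# Added example: build kadmin "addprinc" lines for an inventory, using only
# the command form shown in the steps. REALM_DOMAIN and the inventory are
# constructed sample values; the naming rule is an assumption.
LC_ALL=C; export LC_ALL
REALM_DOMAIN="myco.com"

# 128 bits read from /dev/urandom, hex-encoded (32 characters).
random_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the principal name for one entry; return 1 if it is malformed.
principal_name() {
    kind=$1 name=$2
    case $name in
        ''|*[!a-z0-9-]*|-*) return 1 ;;   # empty, odd characters, leading '-'
    esac
    case $kind in
        host)    printf 'host/%s.%s\n' "$name" "$REALM_DOMAIN" ;;
        service) printf 'krbsvr400/%s.%s\n' "$name" "$REALM_DOMAIN" ;;
        user)    printf '%s\n' "$name" ;;
        *)       return 1 ;;
    esac
}

# Read "kind name" lines on stdin, write addprinc lines on stdout and
# rejected entries on stderr. Returns 1 if any entry was rejected.
generate_addprinc() {
    rc=0
    while read -r kind name extra; do
        case $kind in ''|'#'*) continue ;; esac
        if [ -n "$extra" ] || ! princ=$(principal_name "$kind" "$name"); then
            echo "rejected: $kind $name $extra" >&2
            rc=1
            continue
        fi
        printf 'addprinc -pw %s %s\n' "$(random_password)" "$princ"
    done
    return $rc
}

# Constructed sample inventory, using the names from the steps above.
SAMPLE_INVENTORY='host pc1
user jonesm
service systema'

printf '%s\n' "$SAMPLE_INVENTORY" | generate_addprinc
```

Redirect the output to a file that only the administrator can read, because it contains every principal's password, and enter the lines at the kadmin prompt.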