Creating a cross-realm trust principal on the i5/OS PASE Kerberos server

 

To create a cross-realm trust principal on the i5/OS® PASE Kerberos server, follow these steps.

  1. In a character-based interface, type call QP2TERM. This command opens an interactive shell environment that allows you to work with i5/OS PASE applications.

  2. At the command line, enter export PATH=$PATH:/usr/krb5/sbin. This command points to the Kerberos scripts that are necessary to run the executable files.

  3. At the command line, enter kadmin -p admin/admin, and press Enter.

  4. Sign in with administrator's password. For example, secret.

  5. At the kadmin prompt, enter addprinc krbtgt/SHIPDEPT.MYCO.COM@ORDEPT.MYCO.COM. You will be prompted to enter a password for the principal "krbtgt/SHIPDEPT.MYCO.COM@ORDEPT.MYCO.COM". Enter shipord1 for the password. Press Enter. You will be prompted to re-enter this password, and you will receive a message that reads: 
    Principal "krbtgt/SHIPDEPT.MYCO.COM@ORDEPT.MYCO.COM" created.

  6. At the kadmin prompt, enter addprinc krbtgt/ORDEPT.MYCO.COM@SHIPDEPT.MYCO.COM. You will be prompted to enter a password for the principal "krbtgt/ORDEPT.MYCO.COM@SHIPDEPT.MYCO.COM". Enter shipord2 for the password. Press Enter. You will be prompted to re-enter this password, and you will receive a message that reads: 
    Principal "krbtgt/ORDEPT.MYCO.COM@SHIPDEPT.MYCO.COM" created.

  7. Enter quit to exit the kadmin interface, and press F3 (Exit) to exit the PASE environment.

 

Parent topic:

Scenario: Setting up cross-realm trust
Previous topic: Ensuring that the Kerberos server in i5/OS PASE on System B has started
Next topic: Changing encryption values on i5/OS PASE Kerberos server