Completing the planning work sheets

 

These planning work sheets illustrate the type of information you need before you enable your systems to use Kerberos authentication.

Table 1. Using Kerberos authentication between Management Central servers - prerequisite work sheet
Prerequisite work sheet Answers
Is your i5/OS® V5R3 (5722-SS1), or later, for all of your System i™ platforms? Yes
Have you applied the latest program temporary fixes (PTFs)? Yes
Are the following options and licensed programs installed on all your System i models?

  • i5/OS Host Servers (5722-SS1 Option 12)

  • iSeries™ Access for Windows® (5722-XE1)

  • Network Authentication Enablement (5722-NAE) if you are using i5/OS V5R4, or later

  • Cryptographic Access Provider (5722-AC3) if you are running i5/OS V5R3
Yes
Is iSeries Access for Windows (5722-XE1) installed on the administrator's PC? Yes
Is iSeries Navigator installed on the administrator's PC?

  • Is the Network subcomponent of iSeries Navigator installed on the administrator's PC?

  • Is the Security subcomponent of iSeries Navigator installed on the administrator's PC?
Yes
Have you installed the latest IBM® eServer™ iSeries Access for Windows service pack? See iSeries Access for the latest service pack. Yes
Do you have *SECADM, *ALLOBJ, and *IOSYSCFG special authorities? Yes
Do you have one of the following systems acting as the Kerberos server? If yes, specify which system.

  1. Microsoft® Windows 2000 Server

    Microsoft Windows 2000 Server uses Kerberos authentication as its default security mechanism.

  2. Windows Server 2003

  3. i5/OS PASE (V5R3, or later)

  4. AIX® server

  5. z/OS®
Yes, Windows 2000 Server
For Windows 2000 Server and Windows Server 2003, do you have Windows Support Tools (which provides the ktpass tool) installed? Yes
Is the System i system time within 5 minutes of the system time on the Kerberos server? If not, see Synchronizing system times. Yes

Questions
Table 2. Using Kerberos authentication between Management Central servers - planning work sheet
Answers
What is the name of the system group? MyCo2 system group
What systems will be included in this system group? System A, System B, System C, System D
What are the service principal names for the System i platforms?

krbsvr400/systema.myco.com@MYCO.COM
krbsvr400/systemb.myco.com@MYCO.COM
krbsvr400/systemc.myco.com@MYCO.COM
krbsvr400/systemd.myco.com@MYCO.COM

 

Parent topic:

Scenario: Using Kerberos authentication between Management Central servers
Next topic: Setting the central system to use Kerberos authentication