Configure Windows 2000 and Windows XP workstations

This step is optional for configuring a Kerberos server in i5/OS^® PASE. If you intend to create a single sign-on environment after configuring the Kerberos server, complete this step. If not, skip to Step 9 (Configuring network authentication service).

Configure the client workstations as part of a workgroup by setting the Kerberos realm and Kerberos server on the workstation. You also need to set a password that is associated with the workstation.

All passwords specified in this scenario are for example purposes only. To prevent a compromise to your system or network security, you should never use these passwords as part of your own configuration.

To configure the workstations, complete these steps:

From a command prompt on the Windows^® 2000 workstation, enter:

C:> ksetup /setdomain MYCO.COM C:> ksetup /addkdc MYCO.COM kdc1.myco.com

Set the local machine account password by entering this at the Windows 2000 workstation command prompt:
```
C:> ksetup /setmachpassword secret1
```
Map John Day's Kerberos user principal (day@MYCO.COM) to his Windows 2000 user name (johnday). Enter this at the Windows 2000 workstation command prompt:
```
C:> ksetup /mapuser day@MYCO.COM johnday
```
To verify that John Day's Kerberos user principal maps to his Windows 2000 user name, enter this at the Windows 2000 workstation command prompt:
```
C:> ksetup
```
and view the results.
Restart the PC for the changes to take effect.
Repeat these steps for Karen Jones' workstation, but specify the following information:
- Local machine account password: secret2
- Kerberos user principal: jones@MYCO.COM
- Windows 2000 user name: karenjones

Parent topic:

Scenario: Setting up a Kerberos server in i5/OS PASE

Previous topic: Adding System A service principal to the Kerberos server

Next topic: Configuring network authentication service

Configuring Windows 2000 and Windows XP workstations

Parent topic: