To ensure that Kerberos authentication and host name resolution work properly with your Kerberos-enabled applications, verify that your PCs and your System i™ platforms resolve the same host name for the system on which the service application resides.
In a Kerberos environment, both the client and the server use some method of host name resolution to determine the host name for the system on which a particular application or service resides. If the System i platforms and the PCs use a Domain Name System (DNS) server, it is important that they use the same DNS server to perform host name resolution or, if they use more than one DNS server, that the host names are the same on both DNS servers. If your System i platform or PC resolves host names locally (from a local host table or file), they might resolve a host name that is different from the corresponding host name recorded on the DNS server. This might cause network authentication service to fail.
In the following example, the system on which the service application resides is called System A.
The following instructions demonstrate how to determine whether the PCs and System i platforms resolve the same name for System A. Refer to the example work sheets as you follow the instructions.
You can enter your own information in the blank work sheets when you perform these steps for your Kerberos realm.
This graphic illustrates the system files and records that contain host name information in the following example.
The IP address 10.1.1.1 represents a public IP address. This address is for example purposes only.
Details
DNS server
This example demonstrates one DNS server. However, your network might use more than one DNS server. For example, your PC might use one DNS server to resolve host names and your System i platform might use a different DNS server. You need to determine how many DNS servers your realm is using for host resolution and adapt this information to your situation.
PC
You can find the hosts file in these folders:
System A
The Host name search priority parameter indicates either *LOCAL or *REMOTE depending on how your network administrator configured TCP/IP to perform host resolution on the system.
On the PC, determine the host name for System A.

Step | Source | Host name |
---|---|---|
1.a.1 | PC hosts file | systema.myco.com |
1.b.1 | DNS server | systema.myco.com |
On System A, determine the host name for System A.

Step | Source | Host name |
---|---|---|
2.a.2 | System A | Host name: systema. Host name search priority value: *LOCAL or *REMOTE |
2.b.2 | System A | systema.myco.com |
2.c.1 | DNS server | systema.myco.com |
These three host names must match exactly.

Step | Host name |
---|---|
Step 1 | systema.myco.com |
Step 2.a.2 | systema |
2d | systema.myco.com |
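The comparison that these work sheets perform by hand, as an added Python example that is not part of the original documentation. It assumes each machine's local host table can be written in hosts-file form, models the DNS server's answer as a dictionary, and treats the PC as consulting its hosts file before DNS; all names, addresses and file contents are constructed.

```python
# Added example; all host names, addresses and file contents are constructed.
DNS_RECORDS = {"10.1.1.1": "systema.myco.com"}            # stand-in for the DNS server's answer
PC_HOSTS = "10.1.1.1  systema.myco.com systema  # System A\n"
SYSTEM_A_HOSTS = "10.1.1.1  systema systema.myco.com\n"    # short name listed first

def parse_host_table(text):
    """Map each IP address to the first host name listed for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            table.setdefault(fields[0], fields[1])
    return table

def effective_name(ip, host_table, dns_records, priority):
    """Name a machine resolves for ip: *LOCAL tries the host table first, *REMOTE tries DNS first."""
    if priority not in ("*LOCAL", "*REMOTE"):
        raise ValueError(f"unknown search priority: {priority}")
    local_first = priority == "*LOCAL"
    order = (host_table, dns_records) if local_first else (dns_records, host_table)
    for source in order:
        if ip in source:
            return source[ip]
    return None

def check_names(ip, machines, dns_records):
    """Return ({machine: resolved name}, consistent).

    consistent is True only if every machine resolves exactly the DNS name
    (the comparison is case-sensitive, with no short-name normalization).
    """
    resolved = {
        machine: effective_name(ip, parse_host_table(hosts), dns_records, priority)
        for machine, (hosts, priority) in machines.items()
    }
    dns_name = dns_records.get(ip)
    consistent = dns_name is not None and all(n == dns_name for n in resolved.values())
    return resolved, consistent

if __name__ == "__main__":
    for priority in ("*LOCAL", "*REMOTE"):
        machines = {"PC": (PC_HOSTS, "*LOCAL"), "System A": (SYSTEM_A_HOSTS, priority)}
        resolved, ok = check_names("10.1.1.1", machines, DNS_RECORDS)
        print(priority, resolved, "match" if ok else "MISMATCH")
```

With the constructed host table above, System A resolves the short name `systema` under *LOCAL and the fully qualified name under *REMOTE, so only the second case passes the exact-match check.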
You can use the following three work sheets to verify that your PCs and your System i platforms resolve the same host name for the system on which the service application resides.
On the PC, determine the host name for the System i platform.

Step | Source | Host name |
---|---|---|
1.a.1 | PC hosts file | |
1.b.1 | DNS server | |
On your System i platform, determine the host name for the System i platform.

Step | Source | Host name |
---|---|---|
2.a.2 | System i | Host name: (Note: Host name search priority value: *LOCAL or *REMOTE) |
2.b.2 | System i | |
2.c.1 | DNS server | |
These three host names must match exactly.

Step | Host name |
---|---|
Step 1 | |
Step 2.a.2 | |
2d | |