Creating a cross-realm trust principal on the IBM i PASE Kerberos server

To create a cross-realm trust principal on the IBM® i PASE Kerberos server, follow these steps.

1. In a character-based interface, type call QP2TERM.
   This command opens an interactive shell environment that allows you to work with IBM i PASE applications.
2. At the command line, enter export PATH=$PATH:/usr/krb5/sbin.
   This command points to the Kerberos scripts that are necessary to run the executable files.
3. At the command line, enter kadmin -p admin/admin, and press Enter.
4. Sign in with administrator's password.
   For example, secret.
5. At the kadmin prompt, enter addprinc krbtgt/SHIPDEPT.MYCO.COM@ORDEPT.MYCO.COM. You will be prompted to enter a password for the principal "krbtgt/SHIPDEPT.MYCO.COM@ORDEPT.MYCO.COM". Enter shipord1 for the password. Press Enter.
   You will be prompted to re-enter this password, and you will receive a message that reads:

   Principal "krbtgt/SHIPDEPT.MYCO.COM@ORDEPT.MYCO.COM" created.

6. At the kadmin prompt, enter addprinc krbtgt/ORDEPT.MYCO.COM@SHIPDEPT.MYCO.COM. You will be prompted to enter a password for the principal "krbtgt/ORDEPT.MYCO.COM@SHIPDEPT.MYCO.COM". Enter shipord2 for the password. Press Enter.
   You will be prompted to re-enter this password, and you will receive a message that reads:

   Principal "krbtgt/ORDEPT.MYCO.COM@SHIPDEPT.MYCO.COM" created.

7. Enter quit to exit the kadmin interface, and press F3 (Exit) to exit the PASE environment.