Creating a cross-realm trust principal on the IBM i PASE Kerberos server
To create a cross-realm trust principal on the IBM® i PASE Kerberos server, follow these steps.
- In a character-based interface, type call QP2TERM.
This command opens an interactive shell environment that allows you to work with IBM i PASE applications.
- At the command line, enter export PATH=$PATH:/usr/krb5/sbin.
This command points to the Kerberos scripts that are necessary to run the executable files.
- At the command line, enter kadmin -p admin/admin, and press Enter.
- Sign in with administrator's password. For example, secret.
- At the kadmin prompt, enter addprinc krbtgt/SHIPDEPT.MYCO.COM@ORDEPT.MYCO.COM.
You will be prompted to enter a password for the principal "krbtgt/SHIPDEPT.MYCO.COM@ORDEPT.MYCO.COM".
Enter shipord1 for the password. Press Enter. You will be prompted to re-enter this password, and you will receive a message that reads:
Principal "krbtgt/SHIPDEPT.MYCO.COM@ORDEPT.MYCO.COM" created.
- At the kadmin prompt, enter addprinc krbtgt/ORDEPT.MYCO.COM@SHIPDEPT.MYCO.COM.
You will be prompted to enter a password for the principal "krbtgt/ORDEPT.MYCO.COM@SHIPDEPT.MYCO.COM".
Enter shipord2 for the password. Press Enter. You will be prompted to re-enter this password, and you will receive a message that reads:
Principal "krbtgt/ORDEPT.MYCO.COM@SHIPDEPT.MYCO.COM" created.
- Enter quit to exit the kadmin interface, and press F3 (Exit) to exit the PASE environment.