Testing network authentication service
To test the network authentication service configuration, request a ticket-granting ticket for your IBM® i principal and other principals within your network.
Note: Be sure you have created a home directory for your IBM i user profile before performing this test.To test the network authentication service configuration, follow these steps:
- On a command line, enter QSH to start the Qshell Interpreter.
- Enter keytab list to display a list of principals
registered in the keytab file. The following results should display:
Principal: krbsvr400/systema.myco.com@MYCO.COM Key version: 1 Key type: 256-bit AES Entry timestamp: 20XX/05/29-11:02:58
- Enter kinit -k krbsvr400/systema.myco.com@MYCO.COM to
request a ticket-granting ticket from the Kerberos server. This command verifies that your system has been configured properly and the password in the keytab file matches the password stored on the Kerberos server. If this is successful, the QSH command displays without errors.
- Enter klist to verify that the default
principal is krbsvr400/systema.myco.com@MYCO.COM. This command displays the contents of a Kerberos credentials cache and verifies that a valid ticket has been created for the IBM i service principal and placed within the credentials cache on the system.
Ticket cache: FILE:/QIBM/USERDATA/OS400/NETWORKAUTHENTICATION/creds/krbcred Default principal: krbsvr400/systema.myco.com@MYCO.COM Server: krbtgt/MYCO.COM@MYCO.COM Valid 20XX/06/09-12:08:45 to 20XX/11/05-03:08:45 $
You have completed the steps required to configure your system to be a Kerberos server and you can use Kerberos to authenticate the users in the MYCO.COM realm.