Testing network authentication service on Systems A and B

After you complete the network authentication service configuration tasks for both of your systems, you need to verify that your configurations work correctly for both System A and System B.

You can do this testing by completing these steps to request a ticket-granting ticket for the System A and System B principals:
Note: Ensure that you have created a home directory for your IBM® i user profile before performing this procedure.
  1. On a command line, enter QSH to start the Qshell Interpreter.
  2. Enter keytab list to display a list of principals registered in the keytab file.
    In this scenario, krbsvr400/systema.myco.com@MYCO.COM should display as the principal name for System A.
  3. Enter kinit -k krbsvr400/systema.myco.com@MYCO.COM to request a ticket-granting ticket from the Kerberos server.
    By running this command, you can verify that your system has been configured properly and that the password in the keytab file matches the password stored on the Kerberos server. If this is successful, the kinit command displays without errors.
  4. Enter klist to verify that the default principal is krbsvr400/systema.myco.com@MYCO.COM.
    This command displays the contents of a Kerberos credentials cache and verifies that a valid ticket has been created for the IBM i service principal and placed within the credentials cache on the system.
     Ticket cache: FILE:/QIBM/USERDATA/OS400/NETWORKAUTHENTICATION/creds/krbcred
     Default principal: krbsvr400/systema.myco.com@MYCO.COM  
    Server: krbtgt/MYCO.COM@MYCO.COM              
      Valid 20XX/06/09-12:08:45 to 20XX/11/05-03:08:45