After you complete the network authentication
service configuration tasks for both of your systems, you need to
verify that your configurations work correctly for both System A and
System B.
You can do this testing by completing these steps
to request a ticket-granting ticket for the System A and System B
principals:
Note: Ensure that you have created a home directory for
your IBM® i user
profile before performing this procedure.
- On a command line, enter QSH to start the Qshell
Interpreter.
- Enter keytab list to display a list of principals
registered in the keytab file.
In this
scenario, krbsvr400/systema.myco.com@MYCO.COM should display as the
principal name for System A.
- Enter kinit -k krbsvr400/systema.myco.com@MYCO.COM to
request a ticket-granting ticket from the Kerberos server.
By
running this command, you can verify that your system has been configured
properly and that the password in the keytab file matches the password
stored on the Kerberos server. If this is successful, the kinit command
displays without errors.
- Enter klist to verify that the default
principal is krbsvr400/systema.myco.com@MYCO.COM.
This command displays the contents of a Kerberos credentials
cache and verifies that a valid ticket has been created for the
IBM i service principal
and placed within the credentials cache on the system.
Ticket cache: FILE:/QIBM/USERDATA/OS400/NETWORKAUTHENTICATION/creds/krbcred
Default principal: krbsvr400/systema.myco.com@MYCO.COM
Server: krbtgt/MYCO.COM@MYCO.COM
Valid 20XX/06/09-12:08:45 to 20XX/11/05-03:08:45
$