Configuring network authentication service on System A

Edit online

To configure network authentication service, follow these steps.

  1. In IBM® Navigator for i, expand Security > Network Authentication Service and select Configuration Wizard to start the configuration wizard.
    Note: If you have already configured network authentication service, you will see a warning message indicating Network Authentication Service has already been configured.
  2. On the Welcome page, in the Specify Realm Information portion of the page, enter MYCO.COM in the Default realm field. Check the box for Microsoft Active Directory is used for kerberos authentication. Click Next.
  3. On the Specify KDC Information page, enter kdc1.myco.com for the Kerberos server in the KDC field and enter 88 in the Port field. Click Add and click Next.
    Note: If you have already configured network authentication service, the KDC will already be in the KDC table. Click Next.
  4. On the Specify Password Server Information page, select Yes. Enter kdc1.myco.com in the Password server field and 464 in the Port field. Click Add and click Next.
    Note: If you have already configured network authentication service, the password server will already be in the Password Server table. Click Next.
  5. On the Select Keytab Entries page, check the box for IBM i Kerberos Authentication, remove the check from the boxes for the other services. Select Yes for Do you want to set the same password for the selected keytab entries?. Enter and confirm a password. This password will be used when System A is added to the kerberos server. Click Next.
  6. On the Create Batch File page, select Yes to create the batch file. Check the box to Include password in batch file. This ensures that all passwords associated with the IBM i service principal are included in the batch file. It is important to note that passwords are displayed in clear text and can be read by anyone with read access to the batch file. Therefore, it is recommended that you delete the batch file from the Kerberos server and from the IBM i immediately after use. Click Next.
    Note: Alternatively, you can add service principals that are generated by the wizard manually to the Kerberos server. If you want to know how to manually add the IBM i service principal to the Kerberos server, see Adding IBM i principals to the Kerberos server.
  7. On the Summary page, review the network authentication service configuration details. Click Finish.