Testing network authentication service on System A

To verify that you have configured network authentication service correctly, request a ticket-granting ticket for System A principal.

To test the network authentication service, follow these steps:
  1. On a command line, enter QSH to start the Qshell Interpreter.
  2. Enter keytab list to display a list of principals registered in the keytab file. The following results should display:
    Principal: krbsvr400/systema.myc.com@MYCO.COM      
      Key version: 1                                                       
      Key type: 256-bit AES                            
      Entry timestamp: 20XX/05/29-11:02:58                                 
  3. Enter kinit -k krbsvr400/systema.myco.com@MYCO.COM to request a ticket-granting ticket from the Kerberos server.
    This command verifies that your system has been configured properly and the password in the keytab file matches the password stored on the Kerberos server. If this is successful, the QSH command displays without errors.
  4. Enter klist to verify that the default principal is krbsvr400/systema.myco.com@MYCO.COM.
    This command displays the contents of a Kerberos credentials cache and verifies that a valid ticket has been created for the IBM® i service principal and placed within the credentials cache on the system.
     Ticket cache: FILE:/QIBM/USERDATA/OS400/NETWORKAUTHENTICATION/creds/krbcred
     Default principal: krbsvr400/systema.myco.com@MYCO.COM  
    Server: krbtgt/MYCO.COM@MYCO.COM              
      Valid 20XX/06/09-12:08:45 to 20XX/11/05-03:08:45                          
You have completed the tasks required to configure network authentication service on System A.