To verify that you have configured network authentication
service correctly, request a ticket-granting ticket for System A principal.
To test the network authentication service,
follow these steps:
- On a command line, enter QSH to start the Qshell
Interpreter.
- Enter keytab list to display a list of principals
registered in the keytab file. The following results should display:
Principal: krbsvr400/systema.myc.com@MYCO.COM
Key version: 1
Key type: 256-bit AES
Entry timestamp: 20XX/05/29-11:02:58
- Enter kinit -k krbsvr400/systema.myco.com@MYCO.COM to
request a ticket-granting ticket from the Kerberos server.
This
command verifies that your system has been configured properly and
the password in the keytab file matches the password stored on the
Kerberos server. If this is successful, the QSH command displays without
errors.
- Enter klist to verify that the default
principal is krbsvr400/systema.myco.com@MYCO.COM.
This
command displays the contents of a Kerberos credentials cache and
verifies that a valid ticket has been created for the
IBM® i service principal
and placed within the credentials cache on the system.
Ticket cache: FILE:/QIBM/USERDATA/OS400/NETWORKAUTHENTICATION/creds/krbcred
Default principal: krbsvr400/systema.myco.com@MYCO.COM
Server: krbtgt/MYCO.COM@MYCO.COM
Valid 20XX/06/09-12:08:45 to 20XX/11/05-03:08:45
$
You have completed the tasks required to configure
network authentication service on System A.