Enabling IBM i NetServer support for Kerberos V5 authentication

Kerberos provides strong authentication for client and server applications by using secret-key cryptography. IBM® i NetServer also supports Kerberos Version 5 (V5) for user authentication.

To enable IBM i NetServer support for Kerberos V5 authentication, you must first have the System i® Navigator Security option, Network authentication service, and Enterprise Identity Mapping (EIM) configured.

You can enable IBM i NetServer support for Kerberos V5 authentication through IBM i NetServer properties. The configuration wizard helps you configure the necessary services required for use with Kerberos V5. You must also complete the additional configuration requirements for Kerberos V5 authentication enablement.

To enable IBM i support for Kerberos V5 authentication through IBM i NetServer properties, follow these steps:

  1. In System i Navigator, expand Network > Servers > TCP/IP.
  2. Right-click IBM i NetServer and select Properties.
  3. On the Security tab, click the Next Start button.
  4. On the Security Next Start dialog box, select one of the following authentication methods:
    • If you select Passwords/Network authentication, clients that do not support Kerberos or clients that do support Kerberos but are not currently participating in a Kerberos realm use encrypted passwords to authenticate.
    • If you select Network authentication, all clients must use Kerberos to authenticate with the server. Therefore, only clients that support Kerberos V5 can connect to IBM i NetServer after this support is enabled. The following Windows clients do not support Kerberos V5:
      • Windows 95
      • Windows 98
      • Windows NT
      • Windows Me
  5. Click OK.
Note: If you fail to complete all of the configuration requirements, you will be unable to use IBM i NetServer after you restart the server.