Adding a password server

The password server allows Kerberos principals to change their passwords.

Currently IBM® i PASE does not support the optional configuration of a password server. To change passwords for principals on an IBM i PASE Kerberos server, you need to enter the PASE environment (call QP2TERM) and issue the kpasswd command. The following instructions allow you to update the network authentication service configuration to point to an additional or new password server for the default realm. To add a password server to a realm, complete the following steps:
  1. In IBM Navigator for i, expand IBM i Management > Security > Network Authentication Service.
  2. Click Realm.
  3. Right-click the name of the realm in the right pane and select Properties.
  4. On the Password Server tab, enter the name of the password server.
    For example, a valid name for the password server might be: psvr.myco.com.
  5. Enter the port number that corresponds with the password server. A valid port number can be 1-65535. The default port for the password server is 464.
  6. Click Add.
    The new password server will be added to the list.
  7. Click OK.