Verifying network authentication service and EIM configuration

Now that you have verified the individual pieces of your single sign-on configuration and ensured that all setup is complete, you must verify that you have configured EIM and network authentication service correctly and that single sign-on works as expected.

Note: When using the 5250 emulator in IBM® i Access Client Solutions with Kerberos Authentication, you need to change the Remote sign-on (QRMTSIGN) system value to *VERIFY to enable you to bypass the sign-on. To change the Remote sign-on system value, follow these steps:
  1. In IBM Navigator for i on System A, expand IBM i Management > Configuration and Service .
  2. Click System Values.
  3. Right-click Signon and select Properties.
  4. On the Remote page, select Allow sign-on to be bypassed and Verify user ID on target system, and click OK.
  5. Repeat these steps on System B.

Verify that your single sign-on environment works correctly.

Have John Day follow these steps:

  1. In IBM i Access Client Solutions,
    1. On the System pull-down, select System A.
    2. Expand General and click 5250 Emulator to open a connection to System A.
  2. An emulator session is started for System A and no sign-on prompt displays. To verify the session is signed on as JOHND, John Day's IBM i user profile, enter the DSPJOB command in the emulator session and check that the USER: field shows JOHND.
    Note: IBM i Access Client Solutions 5250 emulator session successfully used EIM to map the jday Kerberos principal to the JOHND System A user profile because of the associations defined for EIM identifier, John Day. The emulator session for System A is now connected as JOHND.

Have Sharon Jones follow these steps:

  1. In IBM i Access Client Solutions,
    1. On the System pull-down, select System A.
    2. Expand General and click 5250 Emulator to open a connection to System A.
  2. An emulator session is started for System A and no sign-on prompt displays. To verify the session is signed on as SHARONJ, Sharon Jones' IBM i user profile, enter the DSPJOB command in the emulator session and check that the USER: field shows SHARONJ.
    Note: IBM i Access Client Solutions 5250 emulator session successfully used EIM to map the sjones Kerberos principal to the SHARONJ System A user profile because of the associations defined for EIM identifier, Sharon Jones. The emulator session for System A is now connected as SHARONJ.