Administering the Kerberos Server
HP Kerberos Administrator
NOTE
HP Kerberos Administrator
HP Kerberos Administrator is a graphical user interface that you can use to administer the principal database.
You can use the HP Kerberos Administrator to perform the following functions:
•Creating, modifying, and deleting principals.
•Altering a principal account key type setting.
•Assigning administrative permissions.
•Modifying the default group principals.
•Extracting principals to service key table files.
Following are the different types of graphical user interface administrative utilities:
•kadminl_ui
•kadmin_ui – The remote administrator.
The local administrator, kadminl_ui, is available only on the primary security server, and is located in the /opt/krb5/admin/kadminl_ui directory.
You can install the remote administrator, kadmin_ui, on secondary security servers and clients to permit remote administration of the principal database. The kadmin_ui remote administrator is located in the /opt/krb5/bin/kadmin_ui directory on the secondary security servers and clients.
You must use kadminl to add the first administrative principal, before you can use kadmin from a secondary security server or client.
You need not log on as an admin principal to the local administrator. A user with root access to the primary security server can run kadminl.
Alternatively, to log on to the remote administrator, use a principal account that has an entry in admin_acl_file. For complete access to all the functions, use an unrestricted administrative principal account with
132 | Chapter 8 |