Administration
Attributes Tab (Principal Information window)
Allow Duplicate Session Keys Attribute The Duplicate Session Key attribute specifies if a principal is allowed to use a duplicate session key. A duplicate session key. A duplicate session key is used in
Require
The Require Preauthentication attribute applies to users and service principals. If this attribute is set for a user principal, the user is required to be running logon software that performs authentication using the preauthentication protocol. If this attribute is set for a service principal, service cannot accept TGT’s from a user principal if the user did not obtain a TGT using a preauthentication protocol.
Require Password Change Attribute The Require Password Change Attribute specifies that a principal must change its password during the next logon to the security server. The Require Password Change attribute applies to user principals.
When a new principals added to the database or when a principal’s password is changed, this attribute is controlled by the NoReqChangePwd setting in the Principal’s Password Policy file. By default, NoReqChangePwd is set to zero, meaning the user must change their password at the first logon.
Lock Principal Attribute The Lock Principal attribute specifies if a principal is active. A locked principal still exists in the principal database, but it is unable to use or provide Kerberized services.
Chapter 6 | 147 |