Administration
Manual Administration Using kadmin
Number of | Specify the number of failed authentication attempts |
authentication | the principal is allowed. The number must be an |
failures (fcnt) | integer between 0 and 255. |
Key Version | The number must be an integer between 0 and 255. |
Number (vno) | When you create a principal, its key version number |
| (vno) is 1 and then it automatically increments by one |
| each time the key is changed. You can manually change |
| the key version number using this command. |
The general syntax for modifying an existing principal is:
command: mod
To modify the principal admin, you need to do the following:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno or quit):<option>
Principal modified.
Enter the Parameter type to be modified at the command line prompt. Based on the parameter you have opted for the principal is modified. The following sections of this chapter entail a detailed description of the parameter types.
Number of Authentication failures (fcnt)
When you create a principal, the failed authentication count is automatically set to zero. The user associated with that principal increments the failed authentication count by one for each failed authentication attempt.
If the user has more consecutive authentication failures than allowed by the MaxFailAuthCnt parameter in the password policy file, the principal is locked. Before the user can attempt to authenticate again, the administrator must unlock the principal, which resets the fcnt to zero.
If the user successfully authenticates before the maximum failed authentication count value, fcnt is automatically reset to zero.
To modify the parameter type fcnt for the principal admin, you need to do the following:
176 | Chapter 6 |