Administering the Kerberos Server

The admin_acl_file File

Assigning Administrative Permissions

Administrative principals may have varying levels of trust assigned to them, depending on the policies of your organization.

Table 8-2 lists the possible administrative permission settings and the letter designator used in admin_acl_file to indicate the permissions assigned to the principal account.

Table 8-2. Administrative Permission Settings

| Administrator Field Name | ACL File Character |
|---|---|
| Add principals. | a or A |
| Change principal passwords. | c or C |
| Delete principals. | d or D |
| Edit admin_acl_file. NOTE: You cannot restrict this setting by using the r or R permission. | e or E |
| Edit group defaults. | g or G |
| Inquire about principals. You can assign this attribute to all administrative principals to allow use of the administrative tools. | i or I |
| List principal. This is redundant with i or I. NOTE: This permission is not displayed in the HP Kerberos Administrator. | l or L |
| Modify principals. | m or M |
| Extract keys. | x or X |
| Restricted administrator. Use the r, R, and Rr modifiers in combination with a, A, c, C, d, D, i, I, m, M, or x. The X modifier allows you to permit administrative principals to use those options only against certain principals. | r or R |
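The following added example (not code from the HP manual) reviews a single permission string against Table 8-2, separating the permissions that the r or R modifier can scope to certain principals from those it cannot. The function name `review`, the finding messages, and the sample strings are assumptions made for illustration. Upper and lower case are treated alike because the table does not say how they differ.

```python
# Added example, not HP's code: review one admin_acl_file permission string
# against Table 8-2. Assumption: upper and lower case are folded together,
# because the table does not say how they differ.
PERMISSIONS = {
    "a": "add principals",
    "c": "change principal passwords",
    "d": "delete principals",
    "e": "edit admin_acl_file",
    "g": "edit group defaults",
    "i": "inquire about principals",
    "l": "list principals",
    "m": "modify principals",
    "x": "extract keys",
}
RESTRICTABLE = set("acdimx")  # letters the table pairs with the r/R modifier


def review(perm_string):
    """Return granted letters, how r/R scopes them, and review findings."""
    letters = {ch.lower() for ch in perm_string}
    restricted = "r" in letters
    granted = letters & set(PERMISSIONS)
    scoped = granted & RESTRICTABLE if restricted else set()
    unscoped = granted - scoped
    findings = []
    if "e" in granted:
        note = "e: may edit admin_acl_file"
        if restricted:
            note += "; r/R does not restrict this"
        findings.append(note)
    if "x" in unscoped:
        findings.append("x: key extraction is not limited to certain principals")
    if {"i", "l"} <= granted:
        findings.append("l: redundant with i")
    if restricted and not scoped:
        findings.append("r: modifier present but nothing it applies to")
    return {
        "granted": sorted(granted),
        "scoped": sorted(scoped),
        "unscoped": sorted(unscoped),
        "unknown": sorted(letters - set(PERMISSIONS) - {"r"}),
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed sample strings, not taken from a real ACL file.
    for sample in ("aciR", "acdeR", "ilx"):
        print(sample, review(sample))
```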

 

 

 

 
