Administering the Kerberos Server
Principals
| • Is case sensitive. |
| • Cannot be longer than 767 characters. |
| • Must be uniquely defined in the first 255 characters. |
| • Cannot contain a space, tab, pound symbol (#), backward slash (\) or |
| colon (:). |
| • Does not subscribe to a NULL policy. If you subscribe to a policy that |
| does not exist in the password.policy file, the default policy * is |
| applied for the principal. |
|
|
NOTE | You can use the slash (/) character in a principal name to delineate an |
| instance. |
|
|
Following are the different types of principals:
•User principal
A user principal is an account assigned to an individual in your organization. Each individual must have at least one account. You may choose to add multiple accounts for one individual if you intend to use the accounts for different purposes. Use the instance parameter of the principal name to designate the intended use of the account. Following are the special categories for user principals:
Administrative principals are user accounts with administrative permissions assigned in admin_acl_file. HP recommends that you use the /admin instance to distinguish these accounts.
•Service principal
A service principal is a principal account assigned to a service in your security network. Examples of service principals include secured daemons or services that are accessible on the network, and host/ principals created for a host system of the user.
122 | Chapter 8 |