Administering the Kerberos Server
Principals
You must enter the fqdn in lowercase letters, and the fqdn instance must be the fully qualified domain name of the host system for the server or service.
These principals are not automatically added to the principal database when you install the Kerberos servers or application services.
Removing User Principals
You may need to delete user principals from the database. When you delete a principal account from the database, the principal name, attributes, and properties are removed from the database and you cannot use the principal to authenticate to the Kerberos server. To delete a principal, use the HP Kerberos Administrator or the
For user principals, you may need to perform additional steps to remove the special privilege settings.
For user principals that use a UNIX system, every UNIX host that a principal uses contains the host/service principal. If this system is unused, delete the service key from the host and remove the host/<fqdn> principal from the database.
Removing Special Privilege Settings
If the principal has special privileges, remove these privileges. Examples of special privileges are as follows:
• Administrative principal that is aware of the UNIX root password. Ensure that you change the root or administrator password according to your password requirements.
• Administrative principal using kadmin. Ensure that you remove the administrative principal entry in admin_acl_file.
NOTE: When you delete an administrative principal using the HP Kerberos Administrator, any reference to that principal is automatically removed from admin_acl_file.
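The ACL cleanup described above can be verified after a principal has been deleted. The following shell function is an added example, not part of the HP documentation or product: it lists admin_acl_file entries whose principal no longer exists in the database. The file layouts (principal name as the first field of each ACL line, and a one-principal-per-line export of the database) and the names stale_acl_entries and demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not HP code. Assumed (hypothetical) formats:
#   ACL file:       "<principal> <permissions>" per line; '#' starts a comment
#   principal list: one principal name per line, exported from the database

# stale_acl_entries ACL_FILE PRINCIPAL_LIST
# Prints "<acl-line-number>: <principal>" for each ACL entry whose principal
# is not in the list, i.e. an entry left behind after the principal was deleted.
stale_acl_entries() {
    awk '
        mode == "list" { if ($1 != "") known[$1] = 1; next }
        /^[ \t]*(#|$)/ { next }        # blank line or comment
        index($1, "*") { next }        # pattern entry, names no single principal
        !($1 in known) { printf "%d: %s\n", FNR, $1 }
    ' mode=list "$2" mode=acl "$1"
}

# Constructed sample data: jsmith/admin was deleted but its ACL entry remains.
# PERMS is a placeholder for whatever permission field the real file carries.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/acl" <<'EOF'
# constructed sample ACL
alice/admin@EXAMPLE.COM  PERMS
jsmith/admin@EXAMPLE.COM PERMS
EOF
    cat > "$dir/principals" <<'EOF'
alice@EXAMPLE.COM
alice/admin@EXAMPLE.COM
host/web01.example.com@EXAMPLE.COM
EOF
    stale_acl_entries "$dir/acl" "$dir/principals"
    rm -rf "$dir"
}

demo
```

Any line the function prints names an ACL entry that still grants administrative rights to a principal name that could later be re-created, so the entry should be removed.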