Administering the Kerberos Server

Principals

Protecting a Secret Key

A user principal must provide its password during authentication to create the secret key of the user principal. For best security, all users must periodically change their passwords.

This version of Kerberos provides the following methods to force user principals to change their passwords:

You can enable the Password Change Required attribute to force users to change their passwords at their next logon.

When the password expiration date is exceeded, the user principal must change his or her password. The password expiration time is set either in the password policy file or on the principal account, using one of the Kerberos server administrative utilities.

In all these cases, users can use the UNIX command kpasswd to change their passwords. When users execute the kpasswd command at the HP-UX prompt, they must enter the current password, and then enter the new password twice so that the new password string can be verified. The new password of the principal is automatically checked against the password policy file to ensure that it meets the enterprise criteria for secure passwords. Using the password policy file, you can specify rules that require users to create passwords that are not easily discovered. For more information on the Password Policy File, see “Password Policy File” on page 119.

If you are using a principal account with the required administrative permissions, you can change the password of a user principal without knowing its current password.

When you change the password of a principal using one of the Kerberos administrative utilities, the password is not verified against the password policy file. Therefore, after you set a password, the user must change it the next time he or she authenticates using the account; the Change Password Required attribute is enabled automatically. You must communicate the temporary password to the user securely so that the user can use it at the next logon.
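The password-change rules described above, as an added model written for this page (it is not code from the manual or from HP's Kerberos implementation): a user-driven kpasswd change verifies the current password, requires the new password twice, checks it against the policy and clears the change-required attribute, while an administrative reset skips the policy check and sets the attribute; an expired password also forces a change. The concrete policy rules (minimum length, character classes, reuse history, maximum age) and the principal data are constructed for the example; the real rules come from the password policy file.

```python
"""Model of the HP-UX Kerberos password-change rules (added example, not
code from the manual). Policy rules and sample data are constructed."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional


@dataclass
class PasswordPolicy:
    # Hypothetical rules standing in for the password policy file.
    min_length: int = 8
    min_classes: int = 3        # of: lowercase, uppercase, digit, other
    history_size: int = 4       # previous passwords that may not be reused
    max_age_days: int = 90      # password expiration


@dataclass
class Principal:
    name: str
    password: str               # in clear only for the model; a KDC stores a derived key
    password_set_on: date
    change_required: bool = False   # the "Password Change Required" attribute
    history: List[str] = field(default_factory=list)


def check_policy(policy: PasswordPolicy, principal: Principal, candidate: str) -> Optional[str]:
    """Return None if the candidate satisfies the policy, else the rule it breaks."""
    if len(candidate) < policy.min_length:
        return "too short"
    classes = sum([
        any(c.islower() for c in candidate),
        any(c.isupper() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(not c.isalnum() for c in candidate),
    ])
    if classes < policy.min_classes:
        return "too few character classes"
    if principal.name.lower() in candidate.lower():
        return "contains principal name"
    if candidate == principal.password or candidate in principal.history:
        return "reuses a previous password"
    return None


def must_change_password(policy: PasswordPolicy, principal: Principal, today: date) -> bool:
    """True when the attribute is set or the password has passed its expiration date."""
    expired = today - principal.password_set_on > timedelta(days=policy.max_age_days)
    return principal.change_required or expired


def kpasswd(policy: PasswordPolicy, principal: Principal,
            current: str, new1: str, new2: str, today: date) -> str:
    """User-driven change: current password, new password twice, then policy check."""
    if current != principal.password:
        return "rejected: current password incorrect"
    if new1 != new2:
        return "rejected: new passwords do not match"
    problem = check_policy(policy, principal, new1)
    if problem:
        return "rejected: " + problem
    principal.history = ([principal.password] + principal.history)[:policy.history_size]
    principal.password = new1
    principal.password_set_on = today
    principal.change_required = False       # attribute cleared by a successful change
    return "changed"


def admin_set_password(principal: Principal, temporary: str, today: date) -> None:
    """Administrative reset: no policy check, but the change-required attribute is set."""
    principal.history = [principal.password] + principal.history
    principal.password = temporary
    principal.password_set_on = today
    principal.change_required = True


def demo() -> dict:
    """Walk through the lifecycle with constructed data and return each outcome."""
    policy = PasswordPolicy()
    alice = Principal("alice", "Winter-2024", date(2024, 1, 1))
    out = {}
    out["expired_after_152_days"] = must_change_password(policy, alice, date(2024, 6, 1))
    out["fresh_after_31_days"] = must_change_password(policy, alice, date(2024, 2, 1))
    admin_set_password(alice, "temp", date(2024, 6, 1))    # weak, but never policy-checked
    out["flag_after_admin_reset"] = alice.change_required
    d = date(2024, 6, 1)
    out["wrong_current"] = kpasswd(policy, alice, "nope", "Spring!2024x", "Spring!2024x", d)
    out["mismatch"] = kpasswd(policy, alice, "temp", "Spring!2024x", "Spring!2024y", d)
    out["contains_name"] = kpasswd(policy, alice, "temp", "Alice!2024x", "Alice!2024x", d)
    out["reuse"] = kpasswd(policy, alice, "temp", "Winter-2024", "Winter-2024", d)
    out["good"] = kpasswd(policy, alice, "temp", "Spring!2024x", "Spring!2024x", d)
    out["flag_after_user_change"] = alice.change_required
    out["history"] = list(alice.history)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point to take from the model is the asymmetry the manual describes: the temporary password set by an administrator is never measured against the policy, so the only thing standing between a weak temporary password and a weak long-term one is the change-required attribute, which is why it must be set on every administrative reset and cleared only by a policy-checked change.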

Removing Service Principals

When you delete a service principal account from the database, the service account is no longer available on the network.

128

Chapter 8

HP UX Kerberos Data Security Software manual Protecting a Secret Key, Removing Service Principals