Administering the Kerberos Server

Creating an Administrative Principal

You can use the HP Kerberos Administrator window to create an administrative principal. When you create a principal and assign the administrative permissions to it, the principal is stored in admin_acl_file located on the primary security server. For more information on admin_acl_file, see “The admin_acl_file File” on page 113.

HP recommends that you assign the /admin instance to a principal that is an administrator. Therefore, a user can have one or more of the following principal accounts:

• One or more principals with non-administrative permissions for daily authentication.
• One principal account with the /admin instance that has administrative permissions.

NOTE

The /admin principal of the user must have a different password than the password for other principal accounts of the user. This provides additional security during administrative tasks.

To create an administrative principal, complete the following steps:

Step 1. In the HP Kerberos Administrator window, select the Realm in which you want to create an administrative account.

Step 2. Click New to display the Principal Information window as shown in Figure 8-2.

Step 3. Enter the identifier/admin@REALM of the administrative principal in the Principal field.

Step 4. In the General tab, the default ticket information for the administrative principal already exists. You may change this information or retain the old values.

Step 5. Click Apply to display the Change Password window as shown in Figure 8-3.

146

Chapter 8