Administering the Kerberos Server
Creating an Administrative Principal
|
| Creating an Administrative Principal |
|
| You can use the HP Kerberos Administrator window to create an |
|
| administrative principal. When you create a principal and assign the |
|
| administrative permissions to it, the principal is stored in |
|
| admin_acl_file located on the primary security server. For more |
|
| information on admin_acl_file, see “The admin_acl_file File” on |
|
| |
|
| HP recommends that you assign the /admin instance to a principal that |
|
| is an administrator. Therefore, a user can have one or more of the |
|
| following principal accounts: |
|
| • One or more principals with non administrative permissions for |
|
| daily authentication. |
|
| • One principal account with the /admin instance that has |
|
| administrative permissions |
| . | |
|
|
|
NOTE |
| The /admin principal of the user must have a different password than the |
|
| password for other principal accounts of the user. This provides |
|
| additional security during administrative tasks. |
|
| To create an administrative principal, complete the following steps: |
|
| |
Step | 1. In the HP Kerberos Administrator window, select the Realm in which | |
|
| you want to create an administrative account. |
Step | 2. Click New to display the Principal Information window as shown in | |
|
| |
Step | 3. Enter the identifier/admin@REALM of the administrative principal in | |
|
| the Principal field. |
Step | 4. In the General tab, the default ticket information for the administrative | |
|
| principal already exists. You may change this information or retain the |
|
| old values. |
Step | 5. Click Apply to display the Change Password window as shown in | |
|
|
146 | Chapter 8 |