|
| Administering the Kerberos Server |
|
| Attributes Tab (Principal Information Window) |
Table | Attributes Tab Components (Continued) | |
|
|
|
| Components | Description |
|
|
|
| Allow Forwardable | Specifies if a principal is allowed ticket |
|
| forwarding. Forwarding is a process that |
|
| sends a |
|
| one network host to another host. The |
|
| second host system can use the forwarded |
|
| TGT to generate a new service ticket on |
|
| behalf of the principal. |
|
| The Allow Forwardable attribute applies to |
|
| both user and service principals. If you set |
|
| this attribute for a user principal, the |
|
| principal can be issued a forwarded or |
|
| forwardable ticket. If you set this attribute |
|
| for a service principal, the server can issue a |
|
| forwarded service ticket for the service. |
|
|
|
| Allow Proxy | Specifies if a principal is allowed proxy |
|
| tickets. Proxy tickets allow applications that |
|
| a principal accesses with a TGT to request a |
|
| special class of service ticket. You can move |
|
| this type of service ticket to another host on |
|
| the network that acts on behalf of the |
|
| principal, for example, a print service |
|
| printing a file. |
|
| The Allow Proxy attribute applies to both |
|
| user and service principals. If you set this |
|
| attribute for a user principal, the principal |
|
| can be issued a proxy ticket. If you set this |
|
| attribute for a service principal, the server |
|
| can issue a proxy service ticket for the |
|
| service. |
|
|
|
| Allow Duplicate | Specifies if a principal is allowed to use a |
| Session Keys | duplicate session key. A duplicate session |
|
| key is used in |
|
| and specifies which key is used to encrypt |
|
| the tickets. |
|
|
|
Chapter 8 | 171 |