Administering the Kerberos Server

Attributes Tab (Principal Information Window)

Table: Attributes Tab Components (Continued)

| Components | Description |
|---|---|
| Lock Principal | Specifies if a principal is active. A locked principal still exists in the principal database, but it is unable to use or provide Kerberos services. The Lock Principal attribute applies to both user and service principals. If you set this attribute for a user principal, tickets cannot be issued to the user. If you set this attribute for a service principal, tickets are not issued to it. When a principal exceeds the maximum number of failed authentication attempts allowed by the password policy file, the Lock attribute is set. The default maximum level allowed for failed authentication attempts is 5. If a principal is locked, an administrative user must unlock the principal before the user authenticates. |
| Allow As Service | Specifies if a principal is allowed to act as a service. Set this attribute to allow a principal to act as a service (that is, the name of the principal is in the server field of the service ticket). You must select this attribute for any principal that is used as a service principal. You can apply the Allow As Service attribute to all principals, in addition to principals that act solely as service principals. The attribute is selected by default. NOTE: User principals must have this attribute set when using authentication. |
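The following Python sketch is an added example, not code from the product or its documentation. It models how the two attributes in the table gate ticket issuance. The class, method and result names are hypothetical, the sample principals are constructed, and two behaviours are assumptions: a failed-attempt count must exceed the maximum (the table's wording) before the lock is set, and an administrative unlock clears the counter.

```python
import hmac
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 5  # default from the table; set by the password policy file

@dataclass
class Principal:
    name: str
    password: str = ""             # stand-in for the principal's key (model only)
    locked: bool = False           # "Lock Principal"
    allow_as_service: bool = True  # "Allow As Service", selected by default
    failed_attempts: int = 0

class ModelKDC:
    """Toy decision model with hypothetical names; not the product's API."""
    def __init__(self, principals, max_failed=MAX_FAILED_ATTEMPTS):
        self.db = {p.name: p for p in principals}
        self.max_failed = max_failed

    def authenticate(self, name, password):
        p = self.db[name]
        if p.locked:
            return "DENIED_LOCKED"  # refused even when the password is correct
        if not hmac.compare_digest(password.encode(), p.password.encode()):
            p.failed_attempts += 1
            if p.failed_attempts > self.max_failed:  # "exceeds the maximum"
                p.locked = True
            return "DENIED_BAD_PASSWORD"
        return "TGT_ISSUED"

    def service_ticket(self, client, service):
        c, s = self.db[client], self.db[service]
        if c.locked:
            return "DENIED_CLIENT_LOCKED"   # locked user: no tickets issued
        if s.locked:
            return "DENIED_SERVICE_LOCKED"  # locked service cannot provide services
        if not s.allow_as_service:
            return "DENIED_NOT_A_SERVICE"   # name may not appear in the server field
        return "SERVICE_TICKET_ISSUED"

    def admin_unlock(self, name):
        p = self.db[name]
        p.locked = False
        p.failed_attempts = 0  # assumption: unlocking clears the counter

def build_demo_kdc():
    # Constructed sample principals for illustration only.
    return ModelKDC([Principal("alice", "pw"),
                     Principal("host/web", "k"),
                     Principal("bob", "pw2", allow_as_service=False)])
```

For monitoring, the useful transition is the lock being set by repeated failures rather than by an administrator, because only an administrative unlock restores the principal.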
|
Chapter 8 | 173 |