Administering the Kerberos Server
Attributes Tab (Principal Information Window)
Table | Attributes Tab Components (Continued) | |
|
|
|
| Components | Description |
|
|
|
| Require Initial | Specifies if the server is allowed to issue |
| Authentication | service to the service principal on behalf of a |
|
| user principal using a previously obtained |
|
| TGT. |
|
| If you set this attribute for the service |
|
| principal, a user principal must |
|
| authenticate to the server again, to obtain a |
|
| ticket for that service. For example, the |
|
| Change Password service requires that a |
|
| principal enter a password to receive a |
|
| ticket for the Change Password service. If |
|
| you do not set this attribute, the server |
|
| issues a server ticket based on the TGT that |
|
| it already possesses. |
|
| The Require Initial Authentication |
|
| attribute applies only to service principals. |
|
| If you select this attribute for a principal |
|
| being edited or created, the Allow as Service |
|
| attribute is automatically selected. |
|
|
|
| Set As Password | Specifies if the server is allowed to issue |
| Change Service | initial tickets to this service principal for |
|
| user principals whose passwords have |
|
| expired. |
|
|
|
174 | Chapter 8 |