Administering the Kerberos Server

Setting Administrative Permissions

 

 

Setting Administrative Permissions

 

 

Use the HP Kerberos Administrator window to assign administrative

 

 

permissions to users. When you assign administrative permissions to a

 

 

principal, the principal and its permissions are saved to

 

 

admin_acl_file located on the primary security server.

 

 

HP recommends that you add the /admin instance to a principal to

 

 

identify a principal as an administrator. The /admin instance of the user

 

 

must have a password different from the password for other instances,

 

 

thus providing additional security during administrative tasks. To

 

 

perform administrative tasks, you must log on to the HP Kerberos

 

 

Administrator with the admin principal, for instance,

 

 

user/admin@REALM.

 

 

To set administrative permission, complete the following steps:

Step

1.

In the HP Kerberos Administrator window, choose the Principals tab

 

 

and select the realm where the principal is located.

Step

2.

Click List All or Search to find the principal for which you want to

 

 

assign administrative permissions. For more information on how to

 

 

search a principal, see “Searching for a Principal” on page 149.

Step

3.

Click Edit to display the Principal Information window (Figure 8-2).

Step

4.

Choose the Principal Information>Edit, and choose the Edit

 

 

Administrative Permissions option to display the Administrative

 

 

Permissions window (Figure 8-11).

Step

5.

In the Administrative Permissions window, select the appropriate

 

 

permissions for the principal. You can assign permission for the principal

 

 

for all realms or only for the realm where the principal resides.

 

 

To enable a principal to run the remote or local administrative utility,

 

 

you must enable the Inquire About Principals option. For more

 

 

information, see “Administrative Permissions” on page 189.

Step

6.

Click OK to save the permissions to admin_acl_file.

188

Chapter 8

Page 188
Image 188
HP UX Kerberos Data Security Software manual Setting Administrative Permissions, Step