|
|
| Administering the Kerberos Server | |
|
|
| Administrative Permissions | |
Table | Group Information Window Components (Continued) | |||
|
|
|
|
|
| Component |
| Description |
|
|
|
|
|
|
| Restricted |
| Select this option in addition to the Add Principals, Delete |
|
| Administrator |
| Principals, Modify Principals, Inquire about Principals, Extract |
|
|
|
| Keys, Change Principal Password attributes in the realm of the |
|
|
|
| administrative principal or all realms to permit administrative |
|
|
|
| principals to use these options only for the following principals: |
|
|
|
| • Restricted administrator in the This Realm box – Restricts |
|
|
|
| actions on admin_acl_file entries that belong to the realm of |
|
|
|
| the administrative principal. |
|
|
|
| • Restricted administrator in the All Realms box – Restricts |
|
|
|
| actions on admin_acl_file entries that belong to realms other |
|
|
|
| than the realm of the administrative principal. |
|
|
|
| • Restricted administrator in both the This Realm box and the |
|
|
|
| All Realms box – Restricts actions on admin_acl_file entries |
|
|
|
| that belong to any realm supported by the primary security |
|
|
|
| server. |
|
|
|
| You cannot restrict the administrative principals that have the |
|
|
|
| Restricted Administrator modifier from managing principals that |
|
|
|
| are not included in admin_acl_file. |
|
|
|
| The Restricted Administrator modifier setting does not override |
|
|
|
| the Modify Administrative Permissions, that is, an administrative |
|
|
|
| principal with both the Modify Administrative Permissions and the |
|
|
|
| Restricted Administrator settings can change the principal |
|
|
|
| settings in admin_acl_file, including their own principal |
|
|
|
| settings. |
|
|
|
| The Restricted Administrator modifier setting also does not |
|
|
|
| override the Principal Information>Edit>Edit Group Default |
|
|
|
| setting; an administrative principal with both these settings |
|
|
|
| enabled can edit the values of the default group principal. |
|
|
|
|
|
|
| Edit Group |
| Edits the default values stored in the default group for the realm. |
|
| Defaults |
| You can edit the default principal using the Principal |
|
|
|
| Information>Edit>Edit Default Group>Group Information |
|
|
|
| window. |
|
|
|
|
|
|
Chapter 8 | 191 |