Administering the Kerberos Server
Manual Administration Using kadmin
NOTE
HP recommends that you use the graphical user interface administrative utility, kadminl_ui, to administer these parameters.
Adding a New Principal
You must specify the add administrative privilege in admin_acl_file to add a principal to the database.
To add a new principal, type kadmin add at the
The general syntax for adding a new principal is as follows:
command: add
You must specify values for all the mandatory LDAP attributes while creating a Kerberos principal. These attributes need to be specified only if the LDAP DN does not exist in the Directory server. You are prompted for mandatory attributes based on the default object class template that you specified while configuring your Kerberos server with LDAP as the backend. You are not prompted for LDAP attributes if the default object class template consists of only one mandatory attribute.
When creating principal names, ensure that a principal name meets the following conditions:
•Is
•Is shorter than 767 characters.
•Is uniquely defined in the first 255 characters.
•Does not contain a space, tab, # (pound sign), \ (backslash) or : (colon).
•Does not subscribe to a NULL policy.
If you subscribe to a policy that does not exist in the password.policy file, the default policy * is applied to the principal.
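The length, forbidden-character and 255-character uniqueness rules above can be checked on a batch of names before any of them is passed to kadmin. The following pre-check is an added example, not part of the HP documentation or tooling. It assumes the limits apply to the full name as typed, and the realm EXAMPLE.COM and all sample names are constructed.

```python
MAX_LEN = 767        # a name must be shorter than 767 characters
UNIQUE_PREFIX = 255  # a name must be unique within its first 255 characters
FORBIDDEN = {" ": "space", "\t": "tab", "#": "#", "\\": "backslash", ":": "colon"}


def check_name(name):
    """Return the rule violations that can be seen from the name alone."""
    problems = []
    if len(name) >= MAX_LEN:
        problems.append(f"{len(name)} characters, must be shorter than {MAX_LEN}")
    bad = sorted({FORBIDDEN[c] for c in name if c in FORBIDDEN})
    if bad:
        problems.append("forbidden character(s): " + ", ".join(bad))
    return problems


def check_batch(candidates, existing=()):
    """Map each rejected candidate to its problems, including prefix clashes
    with existing principals or with earlier candidates in the same batch."""
    seen = {name[:UNIQUE_PREFIX]: name for name in existing}
    report = {}
    for name in candidates:
        problems = check_name(name)
        prefix = name[:UNIQUE_PREFIX]
        if prefix in seen:
            problems.append(f"first {UNIQUE_PREFIX} characters match an earlier principal")
        else:
            seen[prefix] = name
        if problems:
            report[name] = problems
    return report


# Constructed sample data; the realm and all names are made up.
EXISTING = ["admin@EXAMPLE.COM", "a" * 255 + "-east@EXAMPLE.COM"]
CANDIDATES = [
    "alice@EXAMPLE.COM",              # passes
    "host/web 01@EXAMPLE.COM",        # contains a space
    "svc:backup#1@EXAMPLE.COM",       # contains a colon and a pound sign
    "a" * 255 + "-west@EXAMPLE.COM",  # differs only after character 255
    "b" * 767,                        # exactly 767, so not shorter than 767
]

if __name__ == "__main__":
    for name, problems in check_batch(CANDIDATES, EXISTING).items():
        shown = name if len(name) <= 40 else name[:37] + "..."
        print(f"{shown}: {'; '.join(problems)}")
```

The policy condition is not covered here, because it depends on the contents of the password.policy file rather than on the name.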