Administering the Kerberos Server

Manual Administration Using kadmin

NOTE

HP recommends that you use the graphical user interface administrative utility, kadminl_ui, to administer these parameters.

Adding a New Principal

You must specify the add administrative privilege in admin_acl_file to add a principal to the database.

To add a new principal, type kadmin add at the HP-UX prompt. This command adds a new principal with the specified name and password to the principal database. When you add a principal by using the add command, the principal inherits the default group principal settings for the key type and salt types.

The general syntax for adding a new principal is as follows:

command: add

You must specify values for all the mandatory LDAP attributes while creating a Kerberos principal. These attributes need to be specified only if the LDAP DN does not exist in the Directory server. You are prompted for mandatory attributes based on the default object class template that you specified while configuring your Kerberos server with LDAP as the backend. You are not prompted for LDAP attributes if the default object class template consists of only one mandatory attribute.

When creating principal names, ensure that a principal name meets the following conditions:

Is case-sensitive.

Is shorter than 767 characters.

Is uniquely defined in the first 255 characters.

Does not contain a space, tab, # (pound sign), \ (backslash) or : (colon).

Does not subscribe to a NULL policy.

If you subscribe to a policy that does not exist in the password.policy file, the default policy * is applied to the principal.
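The naming rules above are easy to get wrong by hand, especially the 255-character uniqueness window, which means two names that differ only after position 255 collide even though both are under the length limit. The following is an added example, not HP code, of a pre-check that applies those rules before a principal is submitted with kadmin add. The `existing` list of principal names and the realm EXAMPLE.COM are constructed for the example; a real check would read the current principals from the database.

```python
"""Pre-check a proposed Kerberos principal name against the naming rules
in the HP Kerberos Server guide (added example, not HP's code).

Rules checked: the name is case-sensitive, shorter than 767 characters,
unique within its first 255 characters, and contains no space, tab,
'#', '\\' or ':'.  Policy subscription is not checked here, since that
requires reading password.policy.
"""

MAX_LEN = 767          # a name must be shorter than this
UNIQUE_PREFIX = 255    # only these leading characters distinguish names
FORBIDDEN = {" ", "\t", "#", "\\", ":"}


def principal_name_errors(name, existing=()):
    """Return a list of rule violations for `name`; an empty list means OK.

    `existing` holds principal names already in the database (supplied by
    the caller; constructed data in this example).  Comparison is
    case-sensitive, so 'Alice' and 'alice' are different principals.
    """
    errors = []
    if not name:
        errors.append("name is empty")
    if len(name) >= MAX_LEN:
        errors.append("name must be shorter than %d characters" % MAX_LEN)
    bad = sorted(c for c in FORBIDDEN if c in name)
    if bad:
        errors.append("name contains forbidden character(s): %r" % bad)
    # Uniqueness is decided on the first 255 characters only, so an exact
    # duplicate and a name that differs only after position 255 both fail.
    prefix = name[:UNIQUE_PREFIX]
    for other in existing:
        if other[:UNIQUE_PREFIX] == prefix:
            errors.append(
                "name is not unique within its first %d characters "
                "(clashes with an existing principal)" % UNIQUE_PREFIX
            )
            break
    return errors


def is_valid_principal_name(name, existing=()):
    """True when `name` passes every check in principal_name_errors."""
    return not principal_name_errors(name, existing)


if __name__ == "__main__":
    # Constructed sample database; not taken from the guide.
    db = ["alice@EXAMPLE.COM", "host/kdc1.example.com@EXAMPLE.COM"]
    for candidate in ["bob@EXAMPLE.COM", "Alice@EXAMPLE.COM",
                      "bad name@EXAMPLE.COM", "svc:web@EXAMPLE.COM",
                      "x" * 800]:
        print(candidate[:30], principal_name_errors(candidate, db))
```

Run the check on each name you plan to pass to kadmin add; any non-empty list is a reason the add would violate the documented naming conditions.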


Chapter 8