Administering the Kerberos Server

Manual Administration Using kadmin

[principal] Specifies an alternate principal to extract instead of the default host/fqdn@REALM principal, for example:

ext finance@BAMBI.COM

After ext executes, it prompts you for the service key table file name.

The default file name is /krb5/v5srvtab.

Listing the Attributes of a Principal

The inq command lists the attributes of the principal, if it exists. The kadmin utility displays the following message if the principal does not exist in the database:

Principal does not exist

The general syntax for listing the attributes of the principal is as follows:

command: inq

For example, to list the attributes of the principal admin, type kadmin at the HP-UX prompt, and specify the inq command and the name of the principal. Following is a sample output for the inq command:

command: inq

Name of Principal: admin

Modifying a Principal

To modify attributes of a principal in the database, use the kadmin mod command. In addition to the name of the principal, you must also specify the type of parameter.

You can modify the following parameters:

attr

Specifies properties associated with the principal.

fcnt

Specifies the number of failed authentication attempts allowed for a principal. The number must be an integer between 0 and 255.

vno

Specifies the key version number. The number must be an integer between 0 and 255. When you create a principal, its key version number (vno) is 1 and the version number automatically increments by one each time the key is changed.
